|
|
|
|
|
|
by ar-nelson
1211 days ago
|
|
|
> Should it have a "repository" of whitelisted domains? Yes, actually. Deno's security model allows you to whitelist file paths and network domains with --allow-read, --allow-write, and --allow-net. But this doesn't apply to static imports. I don't see why it needs to be this way. There should at least be a flag or deno.json config option that would require you to explicitly approve every new import domain, which would prevent typo attacks and make long chains of transitive imports obvious. deno.land could be allowed by default. |
|
|