[LunaSea]

But it's the wrong approach.

The correct approach would have been through syscall blocking which is a much lower level.

[vanjajaja1]

I'm assuming you mean SELinux style sys call blocking. I think you need both - syscall blocking for the system/deno layer, which enables app layer security in deno itself. That would be the composition-over-inheritance / functional approach.