by LunaSea 1149 days ago
> A build tool, that reads input files and writes output files, and nothing else.

If it wants to upload artefacts to a CDN it will also require network access.

> A CLI that interacts with the bug tracker, and needs to read the environment variables and do networking, but doesn't need to read the filesystem, launch subprocesses, etc.

Chances are the CLI needs to read ENV variables to authenticate or a configuration file and maybe even subprocesses to set up parallel processing.

> A serverless function that doesn't need anything but networking.

A serverless function will probably read environment variables as well or access a package.json file to read some context about the name of the package and its version.

My point is that most programs will require all access enabled.

1 comments

I know that's your point, but I don't understand why you think that.

Even with your own theoretical additions to what the programs above need, none of the programs above actually need "all" access enabled.

And even when you do need to allow environment variables, subprocesses, and filesystem access, you can specify which ones. E.g. this program can read this specific package.json file and no other files. Or these three specific environment variables, and no others.

Which is still significantly different than "all".