[AgentME]

Javascript/Typescript as it is now isn't a great language for a real capability system because any code can monkey-patch global objects and use that to steal capability objects from elsewhere. JS code of different privilege levels needs to be run in separate realms at the very least. (Though there are proposals for things like frozen realms that try to make JS more suitable for capability systems.)

[vrighter]

one more reason I would have preferred a world in which lua was used in js's place

[AgentME]

Isn't Lua equally monkey-patchable? Both of the languages, along with Python and Ruby, represent nearly everything as mutable objects.

[vrighter]

but you can relatively easily sandbox anything you want and close all escape hatches. If you want to turn off the monkeypatching functionality, that's just a metatable or two away. I can and regularly disable monkeypatching on some of my libraries (especially where it interacts with c++ interop). JS now has proxy objects, but lua has been able to do this since way before

And also those stackful coroutines, would have made callback hell non-existent, and no async/await function coloring either (as long as you started one coroutine somewhere up the call stack.