Today I released a new security module for Deno called permission-guard!
This module is a zero-dependency, minimal permission guard for Deno to prevent overly permissive execution of your applications.
import { guard } from "https://deno.land/x/permissionGuard@2.0.1/mod.ts";
await guard();
console.log("Execute my code...!");
If the application is run with permissions it doesn't need, or without permissions it does need, the guard will shield your application and prevent it from running.
For example, the guard
in the above example would prevent
deno run --unstable -A ./index.ts
from executing any further. This extra protection means you are safer from potential malicious 3rd party code that could otherwise take advantage of overly permission application executions.
Installation
This is a Deno module available to import direct from this repo and via the Deno Registry.
Before importing, download and install Deno.
You can then import permission-guard
straight into your project:
import { guard } from "https://deno.land/x/permissionGuard@2.0.1/mod.ts";
Note:
permission-guard
makes use of the unstable Deno Permissions API which requires--unstable
to be passed in the Denorun
command. You can usepermission-guard
in applications and not provide the--unstable
flag,permission-guard
will simply return as a no-op and not provide any defenses.
Features
- Protection against unnecessary top-level permissions.
- Protection against missing required permissions.
- Recommendations where permissions could be better scoped (if
log: true
provided). - Useful logs detailing the missing or insecure permissions (if
log: true
provided).
Docs
Examples
permission-guard
has all the examples you need to get started.
To run the examples:
- Clone the
permission-guard
repo locally:
git clone git://github.com/asos-craigmorten/permission-guard.git --depth 1
cd permission-guard
Then run the example you want:
deno run --unstable ./examples/defaults/index.ts
All the examples contain example commands in their READMEs to help get you started.
More!
Want to know more? Head over to the permission-guard GitHub page for full details.
Want to help, found a bug, or have a suggestion? Please reach out by commenting below or raising issues / PR on the repo!
Top comments (0)