DEV Community

Craig Morten
Craig Morten

Posted on • Updated on

Permissions Security For Deno

Today I released a new security module for Deno called permission-guard!

This module is a zero-dependency, minimal permission guard for Deno to prevent overly permissive execution of your applications.

import { guard } from "https://deno.land/x/permissionGuard@2.0.1/mod.ts";

await guard();

console.log("Execute my code...!");
Enter fullscreen mode Exit fullscreen mode

If the application is run with permissions it doesn't need, or without permissions it does need, the guard will shield your application and prevent it from running.

For example, the guard in the above example would prevent

deno run --unstable -A ./index.ts
Enter fullscreen mode Exit fullscreen mode

from executing any further. This extra protection means you are safer from potential malicious 3rd party code that could otherwise take advantage of overly permission application executions.

Installation

This is a Deno module available to import direct from this repo and via the Deno Registry.

Before importing, download and install Deno.

You can then import permission-guard straight into your project:

import { guard } from "https://deno.land/x/permissionGuard@2.0.1/mod.ts";
Enter fullscreen mode Exit fullscreen mode

Note: permission-guard makes use of the unstable Deno Permissions API which requires --unstable to be passed in the Deno run command. You can use permission-guard in applications and not provide the --unstable flag, permission-guard will simply return as a no-op and not provide any defenses.

Features

  • Protection against unnecessary top-level permissions.
  • Protection against missing required permissions.
  • Recommendations where permissions could be better scoped (if log: true provided).
  • Useful logs detailing the missing or insecure permissions (if log: true provided).

Docs

  • Docs - usually the best place when getting started ✨
  • Deno Docs

Examples

permission-guard has all the examples you need to get started.

To run the examples:

  1. Clone the permission-guard repo locally:
   git clone git://github.com/asos-craigmorten/permission-guard.git --depth 1
   cd permission-guard
Enter fullscreen mode Exit fullscreen mode

Then run the example you want:

   deno run --unstable ./examples/defaults/index.ts
Enter fullscreen mode Exit fullscreen mode

All the examples contain example commands in their READMEs to help get you started.

More!

Want to know more? Head over to the permission-guard GitHub page for full details.

Want to help, found a bug, or have a suggestion? Please reach out by commenting below or raising issues / PR on the repo!

Top comments (0)