re: Getting started with Deno VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Deno A secure runtime for JavaScript and TypeScript BUT!!! Importing from a URL Deno lets you import from the web, just like you can in the...
 

It's not, not unless you can pin a hash and limit hosts in configuration.

On the flip side, I don't think it's much worse than npm.

 

It has the possibility of being much secure than Node/NPM. Even if you allow network access, a script will not have access to the file system unless you also grant it file system access. The first time you run a script, you have the option of walking through everything in all the code which requires any additional permissions (file system, network, etc) and individually granting or denying access. Eventually, the goal is to allow for more fine grained access, e.g. scoping permissions to specific paths or specific URLs.

None of this is a silver bullet, but it's much better (more secure) than Node/NPM which just allows everything.

code of conduct - report abuse