Why Are Permissions Enabled Globally and Not Per Dependency?
I've been trying out Deno and built a small project. One thing I heard about Deno was the control over what a package can do on your system. However, after going through the docs and experimenting, I noticed that permissions can only be enabled globally for the project. Is there a way to allow specific permissions, like file system access, for just one package? It feels a bit confusing because in my small project, I already need to allow three permissions, and I'm tempted to just use the -A flag for convenience. Could someone clarify this for me?
6 Replies
simple answer to the title question: technical limitations we have not been able to work around (yet)
ah okay but the plan for a future version would be to give Permissions per Dependency?
I wouldn't say it's something they intend to eventually do, but if someone figures out a viable way to do it then I guess it would probably be implemented.
Wouldn't it be beneficial to have more detailed control over permissions? I'm trying to understand why this approach is considered safer than Node.js. Maybe I'm missing something?
It would, but there is a technical limitation preventing them from implementing it.
This current approach is still better than Node.js because you can limit what directories and files are opened, what commands are executed, etc. Deno offers you the ability to prevent a random dependency from executing rm -rf /
Alright that clears it up