`deno run` that never writes to `DENO_DIR` or `deno.lock`?
I am working on an application that embeds a
The plugins are folders that are included in our app bundle, which contain deno configuration and
Because we need to sign our app bundle, and some plugins are bundled within the app bundle, we run into the issue where the signature will be invalidated due to
We don't want to use
It seems like some combination of
denodeno 1.46.3 binary and uses it to deno rundeno run some app plugins. The plugins are folders that are included in our app bundle, which contain deno configuration and
.ts.ts files.Because we need to sign our app bundle, and some plugins are bundled within the app bundle, we run into the issue where the signature will be invalidated due to
deno run --cached-onlydeno run --cached-only being able to modify deno.lockdeno.lock and any already-cached deno-depsdeno-deps. We don't want to use
--frozen--frozen, because this would return an error instead of an invalid signature. We don't want to compilecompile because having many copies of deno would make our app much larger in size.It seems like some combination of
--cached-only--cached-only, --no-remote--no-remote or maybe --vendor--vendor could help us out, but we haven't had luck yet. Another approach we may explore is using the OS filesystem to mark our bundled plugin folders as readonly.
