Restriction of initial static module graph build
βοΈDeno CLI
I am writing a service that allows you to run TypeScript code. Almost like Val Town.
The parent Deno process is running in the folder /user/app/index.ts
It runs child Deno processes in the folders /user/apps/{name}/index.ts
Now child processes can, knowing the path to the parent process, import its modules. For example, /user/app/index.ts.
It's not safe for my service.
I read in the documentation that all files in the initial static module graph can be imported without restrictions.
In the file .github/SECURITY.md I found that building the module graph follows the permissions of the parent.
I didn't understand what kind of parent exactly is.
Can you tell me how I can restrict the import of parent scripts from child scripts?
Is it even possible to do this?
The parent Deno process is running in the folder /user/app/index.ts
It runs child Deno processes in the folders /user/apps/{name}/index.ts
Now child processes can, knowing the path to the parent process, import its modules. For example, /user/app/index.ts.
It's not safe for my service.
I read in the documentation that all files in the initial static module graph can be imported without restrictions.
In the file .github/SECURITY.md I found that building the module graph follows the permissions of the parent.
I didn't understand what kind of parent exactly is.
Can you tell me how I can restrict the import of parent scripts from child scripts?
Is it even possible to do this?
