mirror of
https://github.com/denoland/deno.git
synced 2024-12-23 07:44:48 -05:00
b5d7e38f9b
Remove stuff from Roadmap that has been implemented.
1.9 KiB
1.9 KiB
Deno Roadmap
API and Feature requests should be submitted as PRs to this document.
Security Model (partially implemented)
- We want to be secure by default; user should be able to run untrusted code, like the web.
- Threat model:
- Modifiying/deleting local files
- Leaking private information
- Disallowed default:
- Network access
- Local write access
- Non-JS extensions
- Subprocesses
- Env access
- Allowed default:
- Local read access.
- argv, stdout, stderr, stdin access always allowed.
- Maybe: temp dir write access. (But what if they create symlinks there?)
- The user gets prompted when the software tries to do something it doesn't have the privilege for.
- Have an option to get a stack trace when access is requested.
- Worried that granting access per file will give a false sense of security due to monkey patching techniques. Access should be granted per program (js context).
Example security prompts. Options are: YES, NO, PRINT STACK
Program requests write access to "~/.ssh/id_rsa". Grant? [yNs]
http://gist.github.com/asdfasd.js requests network access to "www.facebook.com". Grant? [yNs]
Program requests access to environment variables. Grant? [yNs]
Program requests to spawn `rm -rf /`. Grant? [yNs]
- cli flags to grant access ahead of time --allow-all --allow-write --allow-net --allow-env --allow-exec
- in version two we will add ability to give finer grain access --allow-net=facebook.com
Top-level Await (Not Implemented)
This will be put off until at least deno2 Milestone1 is complete. One of the major problems is that top-level await calls are not syntactically valid TypeScript.
[Broken] List dependencies of a program.
Currently broken: https://github.com/denoland/deno/issues/1011
% deno --deps http://gist.com/blah.js
http://gist.com/blah.js
http://gist.com/dep.js
https://github.com/denoland/deno/master/testing.js
%