1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-03 04:48:52 -05:00
denoland-deno/Roadmap.md
Ryan Dahl b5d7e38f9b Add Docs.md
Remove stuff from Roadmap that has been implemented.
2018-10-19 21:36:07 -04:00

61 lines
1.9 KiB
Markdown

# Deno Roadmap
API and Feature requests should be submitted as PRs to this document.
## Security Model (partially implemented)
- We want to be secure by default; user should be able to run untrusted code,
like the web.
- Threat model:
- Modifiying/deleting local files
- Leaking private information
- Disallowed default:
- Network access
- Local write access
- Non-JS extensions
- Subprocesses
- Env access
- Allowed default:
- Local read access.
- argv, stdout, stderr, stdin access always allowed.
- Maybe: temp dir write access. (But what if they create symlinks there?)
- The user gets prompted when the software tries to do something it doesn't have
the privilege for.
- Have an option to get a stack trace when access is requested.
- Worried that granting access per file will give a false sense of security due
to monkey patching techniques. Access should be granted per program (js
context).
Example security prompts. Options are: YES, NO, PRINT STACK
```
Program requests write access to "~/.ssh/id_rsa". Grant? [yNs]
http://gist.github.com/asdfasd.js requests network access to "www.facebook.com". Grant? [yNs]
Program requests access to environment variables. Grant? [yNs]
Program requests to spawn `rm -rf /`. Grant? [yNs]
```
- cli flags to grant access ahead of time --allow-all --allow-write --allow-net
--allow-env --allow-exec
- in version two we will add ability to give finer grain access
--allow-net=facebook.com
## Top-level Await (Not Implemented)
[#471](https://github.com/denoland/deno/issues/471)
This will be put off until at least deno2 Milestone1 is complete. One of the
major problems is that top-level await calls are not syntactically valid
TypeScript.
### [Broken] List dependencies of a program.
Currently broken: https://github.com/denoland/deno/issues/1011
```
% deno --deps http://gist.com/blah.js
http://gist.com/blah.js
http://gist.com/dep.js
https://github.com/denoland/deno/master/testing.js
%
```