Skip to main content
Module

x/deno/Roadmap.md

A modern runtime for JavaScript and TypeScript.
denoland/deno
Go to Latest
File

Deno Roadmap

API and Feature requests should be submitted as PRs to this document.

Security Model (partially implemented)

  • We want to be secure by default; user should be able to run untrusted code, like the web.
  • Threat model:
    • Modifiying/deleting local files
    • Leaking private information
  • Disallowed default:
    • Network access
    • Local write access
    • Non-JS extensions
    • Subprocesses
    • Env access
  • Allowed default:
    • Local read access.
    • argv, stdout, stderr, stdin access always allowed.
    • Maybe: temp dir write access. (But what if they create symlinks there?)
  • The user gets prompted when the software tries to do something it doesn’t have the privilege for.
  • Have an option to get a stack trace when access is requested.
  • Worried that granting access per file will give a false sense of security due to monkey patching techniques. Access should be granted per program (js context).

Example security prompts. Options are: YES, NO, PRINT STACK

Program requests write access to "~/.ssh/id_rsa". Grant? [yNs]
http://gist.github.com/asdfasd.js requests network access to "www.facebook.com". Grant? [yNs]
Program requests access to environment variables. Grant? [yNs]
Program requests to spawn `rm -rf /`. Grant? [yNs]
  • cli flags to grant access ahead of time –allow-all –allow-write –allow-net –allow-env –allow-exec
  • in version two we will add ability to give finer grain access –allow-net=facebook.com

Top-level Await (Not Implemented)

#471

This will be put off until at least deno2 Milestone1 is complete. One of the major problems is that top-level await calls are not syntactically valid TypeScript.

[Broken] List dependencies of a program.

Currently broken: https://github.com/denoland/deno/issues/1011

% deno --deps http://gist.com/blah.js
http://gist.com/blah.js
http://gist.com/dep.js
https://github.com/denoland/deno/master/testing.js
%