
There's some capabilities-based security talk going on here, but the current state of the art in JavaScript makes absolutely no sense to me. It's nonsensical on its face. Right now, you grant caps through Deno to the whole executable script--so dependencies left and right that don't need caps get them.

So, what's the point? It's literally worthless. It does nothing to stop capabilities abuse.

The same thing could have happened here with Visual Studio Code. Neither the language nor its popular runtimes are designed for this behavior.

As far as I know Node.js still doesn't have capabilities functionality, which doesn't matter, because given how broken Deno's is, they're practically on the same footing.



The “right answer” afaik is to adopt the web permission model, which VSCode actually already supports. In addition to the Node extension host, there’s a WebWorker extension host which is much more secure (it’s the only host available on things like vscode.dev). Extensions need to opt into it unfortunately, but the code changes are not too bad in my experience.


I agree, but it's not a problem unique to javascript. I'm not aware of any popular language/runtime/package manager that goes beyond what Deno can do, however insufficient that is. It's quite a hard problem.


It’s a problem with security across computing in general, not just JS. For example, what are these languages and runtimes you have in mind that solve this issue with app plugins if VS Code were using them instead?


In other languages, it's possible to set up environments where code run from that environment has restricted access to explicitly defined globals.

You can do this to create things like plugin systems, etc, where you know by specification you never want a context to have access to say, making HTTP requests.


Out of curiosity, which languages?


Lua comes to mind first, with `setenv`, other languages have similar functionality. I believe this can be done with C#, too.
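The "explicitly defined globals" idea from the two comments above, as an added example that is not from any commenter or project. In Lua 5.1 the call is `setfenv`; from 5.2 on the same effect comes from passing an environment table as the fourth argument to `load` (or rebinding `_ENV`), which is what this snippet assumes. `make_sandbox`, `run_plugin` and the three plugin sources are constructed for illustration.

```lua
-- Added example: a minimal Lua plugin sandbox built from an explicit environment table.
-- Assumes Lua 5.2 or later, where load(chunk, name, mode, env) replaces 5.1's setfenv.
-- make_sandbox, run_plugin and the plugin sources below are illustrative, not from any project.

-- Build a fresh environment table exposing only what the plugin contract allows.
-- Anything not listed (io, os, require, load, dofile, debug, package, _G) is simply
-- not reachable by name, so a plugin cannot open files, run processes or load new code.
local function make_sandbox()
  return {
    pairs = pairs, ipairs = ipairs, next = next, select = select, type = type,
    tostring = tostring, tonumber = tonumber, error = error, pcall = pcall,
    string = { format = string.format, sub = string.sub, len = string.len,
               upper = string.upper, lower = string.lower, find = string.find },
    math   = { floor = math.floor, max = math.max, min = math.min, abs = math.abs },
    table  = { concat = table.concat, insert = table.insert, sort = table.sort },
  }
end

-- Compile and run plugin source text inside a fresh sandbox environment.
-- Mode "t" accepts only text chunks: precompiled bytecode is refused, because
-- crafted bytecode can bypass the checks the VM relies on for type safety.
local function run_plugin(source, name)
  local env = make_sandbox()
  local chunk, err = load(source, "=" .. (name or "plugin"), "t", env)
  if not chunk then
    return nil, "compile error: " .. err
  end
  local ok, result = pcall(chunk)
  if not ok then
    return nil, "runtime error: " .. tostring(result)
  end
  return result
end

-- Constructed plugin sources for demonstration.
local benign = [[
  local words = { "hello", "from", "plugin" }
  return string.upper(table.concat(words, " "))
]]

local file_read = [[
  -- io is not in the sandbox table, so this indexes nil and raises
  local f = io.open("/etc/passwd", "r")
  return f:read("a")
]]

local load_escape = [[
  -- require/load/dofile are absent too, so there is no way to pull in os or the real _G
  return require("os").execute("id")
]]

for _, case in ipairs({ { "benign", benign }, { "file_read", file_read }, { "load_escape", load_escape } }) do
  local result, err = run_plugin(case[2], case[1])
  print(case[1], result, err)
end
```

The benign plugin returns its string; the other two fail inside `pcall` with an "attempt to index a nil value (global 'io')" / "attempt to call a nil value (global 'require')" error instead of reaching the filesystem or a shell. Two caveats a practitioner would want: the environment table limits what names resolve, not how much CPU or memory the chunk consumes (an infinite loop or a huge `string.rep` still needs a `debug.sethook` instruction limit or OS-level limits from the host side), and every value you hand into the table is a potential bridge back to the real globals, so pass leaf functions rather than tables or closures that can reach `io`, `os` or `_G`.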


I wonder how this would look elsewhere as things like WASM for extensions become more popular. How would you model capabilities in Rust? How would that not apply to the whole resulting binary?



