• castarco
      2 years ago

      I don’t think talking in absolutes is the best way to tackle problems. In this case, I would say there’s a gradient, and we can surely shift our current position from “utterly broken” to something more benign, even if there are still flaws pending to be corrected.

      Starting from scratch would imply throwing away millions of hours of developer time. It’s tempting, but not feasible, and even if it were, it would be a bad economic decision.

  • castarco
    2 years ago

    Very interesting :), although I have the feeling we already have some features in place (and others on the way) trying to solve this same problem.

    • We already have “Shadow Realms”, which doesn’t really solve the capabilities problem, but at least provides a thin isolation layer (at least our globals are protected!). This is supposed to work in all JS environments, not just NodeJS.
    • On top of that, there’s work in progress to implement a permissions system (with experimental code already in place, that can be tested): https://github.com/nodejs/security-wg/issues/791