• castarco
    link
    fedilink
    arrow-up
    1
    ·
    2 years ago

    Very interesting :) , although I have the feeling we already have some features in place (and others on the way) trying to solve this same problem.

    • We already have “Shadow Realms”, which doesn’t really solve the capabilities problem, but at least provides a thin isolation layer (at least our globals are protected!). This is supposed to work in all JS environments, not just NodeJS.
    • On top of that, there’s work in progress to implement a permissions system (with experimental code already in place, that can be tested): https://github.com/nodejs/security-wg/issues/791