"deno repl" has permissions by default? #12665
Replies: 5 comments
-
|
Maybe |
Beta Was this translation helpful? Give feedback.
-
|
Fully agree, this seems like a huge hazard for people that have come to assume safety by default. Also fully agree that an interactive prompt is the best way of going about granting permissions, with the caveat that there should definitely be some filtering step to make sure the user didn't hit "confirm" through a faulty keyboard double-send, or while mentally on autopilot (e.g. typing "y/yes" or "n/no" instead of a key already under-finger, or a debounce timer of 1-3 seconds, Firefox download -style) -- either that, or a highly visible warning at the start of the REPL session that all permissions are granted. |
Beta Was this translation helpful? Give feedback.
-
|
If there's no enthusiasm for changing current default behavior, how about a It could be used for |
Beta Was this translation helpful? Give feedback.
-
|
This problem will be addressed by #16795 |
Beta Was this translation helpful? Give feedback.
-
|
This has been fixed for some time now since 1.29. See https://deno.com/blog/v1.29#deno-repl-runs-with-no-permissions-by-default |
Beta Was this translation helpful? Give feedback.
-
I just tried and it seems like
deno replcan write to the local file system by default. I was actually expecting the REPL to be constrained by the same "no permissions" default as running a script.Am I the only one who expected the REPL to not have permissions by default?
In my case, I was testing out a random third party module (that seemed legit... but you never know) and thought that I could use the REPL to safely play with the module, prior to vetting the source code. I thought this would be one of the main uses of the REPL.
I'm curious to hear what others think, thanks!
Beta Was this translation helpful? Give feedback.
All reactions