• moonpiedumplings@programming.dev
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    5 hours ago

    Deno is pretty interesting because it has built in sandboxing. By default, no code can even access the network. Everything must be explicitly allowed, including network access and environment variables: https://docs.deno.com/runtime/fundamentals/security/

    Access can be scoped pretty granularly as well, only allowing access to specific websites or env variables.

    I really like this model since it offers a strong protection against secrets stealers, which have hit NPM extremely frequently. No more of malicious NPM packages scraping the whole system to find secrets.

    It does have a performance tradeoff compared to Bun. Bun is (was?) the fastest, Node was the slowest, Deno was in the middle.