16 Jun
2020
16 Jun
'20
8:56 a.m.
On 16.06.20 10:00, redradist@gmail.com wrote:
You cannot trust PyPi either ...
I think user should decide if it allows code from arbitrary URL to access filesystem, network or anything else as `wasmtime` and `deno` did
If you want to do this, you can still download the code and use `importlib` to import it. But usually you want to import a whole package (or parts of it), not a stand-alone module. And this package might have dependencies on other packages. And these dependencies might even conflict with the dependencies of other packages that you are using. So this whole process is fairly complex and is better resolved before application startup. There exists a variety of tools that deal with package management (e.g. pip, poetry, ...).