For such a thing to be useful, it will ultimately need to percolate up to users to understand what they are getting themselves into by using some application. Would this be correct in your view?
Would permissions be attached to individual modules? Packages? Would they be declarative ahead of time, or be more of the more modern Android model of asking for permission as code executes?
Hello all,
Supply chain attacks are becoming a pressing concern in software development due to the large number of dependencies and multiple attack vectors. Using third party modules (libraries, packages etc) is always a risk but the true potential of these attacks is now being weaponized. One way to deal with the risk is by limiting access to sensitive APIs like filesystem, shell, network and ffi so that packages which aren't explicitly granted permissions cannot use them, reducing their ability to do damage.
For example, a yaml parser should not need to use ffi, network nor shell. A command line argument parser library should not use network, ffi nor filesystem. Deno, a runtime for Typescript contains an interesting implementation of a permissions model for APIs.
Currently, it only prevents module imports in a very elementary manner but perhaps it can be of use to spark a discussion for an implementation.
Looking forward to your thoughts,
Aarnav
_______________________________________________