
With Python being a language heavily utilized in server and end-user applications, I would take a different approach for both. I have to admit I haven't thought much about the "normal user" in this case and focused primarily on developers. Perhaps developers shipping an application ship the code with a module policy? The way I imagine the implementation is that module restriction is recursive, so I only have to look at my top-level dependencies and not their sub-dependencies when wanting to restrict a module.

Regarding the second part, I think restricting it to modules would be ideal. I also think the permissions should be like the Android model, where an application can prompt you. Deno does it in an interesting manner where you can choose to be prompted, which makes sense when running an end-user application, or you could reject any prompting and accept or deny the request automatically, which makes sense in a server-side application.

I hope this answers your questions. I am happy to elaborate if not.