EDIT: I'm actually a real fan of Deno, but that was never because of its security promises. Security is both technical and cultural, and I think cases like this suggest that while the technical side was always shaky, the cultural side is just as weak. If first-party material promotes the idea of running scripts with `-A`, then that's the direction the community will be led.
Security makes more sense for deno when your host your app in serverless v8 hosting environments like deno. They don't even have a way to specify all permissions. v8 isolates are the new cool thing in serverless hosting especially with wasm providing way to run c/rust code on v8. We have to see how this will pan out compared to containers.
Isn't the hosting environment providing the security in that case? I can run Nodejs code on AWS Lambda, and CloudFlare also has their own edge runtime environment which is based on v8 isolates but isn't Deno.
What I meant was that you could emulate locked down version that deno or cloudflare provide in your local during development with the granularity of permissions. I though lambda was a full container running app, did they add isolate environment to it?
Oh I see what you're saying. Yes, while I'm not an expert I suppose Lambdas are less isolated than CF workers or Deno Deploy, while being pragmatically more isolated than e.g. a regular VM.
So we're giving up on "it's more secure"?
EDIT: I'm actually a real fan of Deno, but that was never because of its security promises. Security is both technical and cultural, and I think cases like this suggest that while the technical side was always shaky, the cultural side is just as weak. If first-party material promotes the idea of running scripts with `-A`, then that's the direction the community will be led.