upvote

points

by sheept1 hours ago |
comments
upvoteby coffeebeqn47 minutes ago|
next
[-]
In my area it feels like it’s competing against go which is a language purposefully designed for the thing we’re building and has a great tool chain already. I never really wanted JavaScript. It’s not a very thoughtfully designed language and the not very good design was made for the browser. I just used node because it was simple to get it working. And you have bun and things like that competing for the space too
reply
upvoteby sysguest1 hours ago|
prev|
[-]
yeah it's such a pity deno's security features could have made recent npm attacks moot...
reply
upvoteby sheept1 hours ago|
parent|
next
[-]
The recent npm supply chain attacks relied on lifecycle scripts, which Deno doesn't run by default, but neither do pnpm or Bun. While Deno, like npm, supports a minimum release age, it doesn't enable it by default.
reply
upvoteby sysguest58 minutes ago|
parent|
[-]
well deno has 'allow-read' 'allow-write' kind of permission, so if something tries to read from my ~/.ssh or other important folder, it can just block it

even with blocking lifecycle scripts, the attacker could have planted it somewhere else or just trick the dev somehow to run it

reply
upvoteby cyanydeez1 hours ago|
parent|
prev|
[-]
the problem was at the start of deno, it didn't integrate with npm; the same way Macintosh used to be free of virus and trojan horses was because people just didn't use it enough.
reply