> I should be able to install this module in such a way where file operations and process operations are not available to it.
replyThat's the definition of a sandbox, isn't it?
do you really think you will see a clear "spawn" call? there is a long history of obfuscating what the code does to hide backdoors, in quite ingenious ways
reply> I should be able to install this module in such a way where file operations and process operations are not available to i
technically browser sandboxes, WASM, do this. but then you are very limited since you can only sandbox the whole app, and not one module, so if you need local file access, you need to open it up to the whole app and all it's modules