DEV Community

Discussion on: Introducing Yarn 2 ! 🧢🌟

purpledrgn

Personally I would be more than happy with a "secure mode" that simply breaks any sort of "fancy" code people might have and requires explicit "whitelist" approval in package.json and very clear-looking code for any sensitive operation, such as imports, fs access, network access or global object access, etc.

Simple Checklist:

  • Does the package access the global object in any way? Blocked, no other checks necessary.
  • Does an import or require use anything that doesn't look like a regular dumb string? Blocked.
  • Every low-level network / filesystem / process-spawn package is replaced with an alias version that has some basic whitelist controls on its sensitive methods.

There's no need to be flexible when implementing something like this. People need to adapt to the secure system until we have a better "flexible" secure system, not the other way around. I would drop even high-profile packages if it meant peace of mind.

I don't see any sort of node "sandboxing" making any difference in this regard, and if the work in Deno is anything to go by, node-level sandboxing is pretty stupid in practice without user-space assumptions.