I often find myself typing at least two or three permission options when playing with Deno:
deno run --allow-net --allow-read --allow-env app.ts
There's a way to escape explicit permissions.
You can use --allow-all or the short option -A to allow all permissions.
Keep in mind that it will include all of the following permissions:
--allow-env=<allow-env>
Allow environment access for things like getting and setting of environment variables. Since Deno 1.9, you can specify an optional, comma-separated list of environment variables to provide an allow-list of allowed environment variables.
--allow-hrtime
Allow high-resolution time measurement. High-resolution time can be used in timing attacks and fingerprinting.
--allow-net=<allow-net>
Allow network access. You can specify an optional, comma-separated list of IP addresses or hostnames (optionally with ports) to provide an allow-list of allowed network addresses.
--allow-ffi
Allow loading of dynamic libraries. Be aware that dynamic libraries are not run in a sandbox and therefore do not have the same security restrictions as the Deno process. Therefore, use with caution. Please note that --allow-ffi is an unstable feature.
--allow-read=<allow-read>
Allow file system read access. You can specify an optional, comma-separated list of directories or files to provide an allow-list of allowed file system access.
--allow-run=<allow-run>
Allow running subprocesses. Since Deno 1.9, you can specify an optional, comma-separated list of subprocesses to provide an allow-list of allowed subprocesses. Be aware that subprocesses are not run in a sandbox and therefore do not have the same security restrictions as the Deno process. Therefore, use with caution.
--allow-write=<allow-write>
Allow file system write access. You can specify an optional, comma-separated list of directories or files to provide an allow-list of allowed file system access.
There's a nice option -A to allow all permissions.
deno run -A app.ts
Important: This is insecure and should be used for experimentation only.
When developing real applications prefer explicit permissions.
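A pre-merge check for the advice in the two answers above, as an added example that is not part of either answer: a POSIX shell function that flags -A / --allow-all, allow-* flags given without an allow-list, and the two permissions described above as running code outside the sandbox. The function name and the sample command lines are constructed, and it assumes flags are written in the --flag=value form, so the first argument that does not start with "-" is the script.

```shell
#!/bin/sh
# Added example (constructed): audit the flags of one `deno run` invocation.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_deno_flags() {
    findings=0
    for arg in "$@"; do
        case "$arg" in
            --allow-all|-A*|-[!-]*A*)
                # -A can also hide inside a short-flag cluster such as -Af
                echo "BLOCK $arg: grants every permission"
                findings=$((findings + 1)) ;;
            --allow-net|--allow-read|--allow-write|--allow-env|--allow-run)
                echo "WARN $arg: no allow-list, add =<comma-separated list>"
                findings=$((findings + 1)) ;;
            --allow-run=*|--allow-ffi*)
                # Subprocesses and dynamic libraries are not sandboxed by Deno
                echo "WARN ${arg%%=*}: code it starts runs outside the sandbox"
                findings=$((findings + 1)) ;;
            -*) ;;       # any other flag is out of scope for this check
            *) break ;;  # first non-flag argument is the script: stop here
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample invocations (arguments as they would follow `deno run`)
audit_deno_flags -A app.ts || true
audit_deno_flags --allow-net --allow-read --allow-env app.ts || true
audit_deno_flags --allow-net=api.example.com:443 --allow-read=./config app.ts \
    && echo "OK: scoped permissions only"
```

Arguments after the script name are passed to the script, not to Deno, which is why the loop stops there instead of reporting a later -A.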
I created a tool that aims to help with that https://github.com/BentoumiTech/denox/
You can specify your scripts in a deno-workspace.yml file with a permissions list:
scripts:
  # "denox run start" will execute app.ts with --allow-net --allow-read --allow-env permissions
  start:
    file: app.ts
    deno_options:
      allow-net: true
      allow-read: true
      allow-env: true
$ deno install -Af -n denox https://denopkg.com/BentoumiTech/denox/denox.ts
$ denox run start
will translate to deno run --allow-net --allow-read --allow-env app.ts
It also supports all the other deno options
allow-all, allow-env, allow-hrtime, allow-net, allow-plugin, allow-read, allow-run,
allow-write, cached-only, cert, config, importmap, inspect, inspect-brk, lock, lock-write,
log-level, no-remote, quiet, reload, seed, unstable, v8-flags
You could use denon (https://deno.land/x/denon), a tool like nodemon. An awesome thing about it is that it includes a denon.json where you can add the attribute "allow" as an array and add the flags you want.
"allow": ["net", "read", "write"]
and then in the terminal run the script to start your application
denon start yourapp.ts
This will run:
deno run --allow-net --allow-read --allow-write yourapp.ts
Now, when you make a change and save, it will run it again.
It has other cool attributes to add, like "unstable": true. Give it a try and read the README from denon for more information.