## Notes

[[Deno]] is built on the following principles:

- **No access to I/O by default**: *Deno* doesn't allow code to
  - Read/write arbitrary files on the file system
  - Make network requests or open network listeners
  - Access environment variables
  - Spawn subprocesses
- **No limits on the execution of code at the same privilege level**: `Deno` allows the execution of code via multiple means (`eval`, `new Function`, dynamic imports, and [[web workers]]) at the same privilege level, with little restriction as to where the code originates
- **Multiple invocations of the same application can share data**: `Deno` provides built-in caching and KV storage APIs
- **All code executing on the same thread shares the same privilege level**
- **Code cannot escalate its privileges without user consent**: consent is given via a prompt or a flag
- **Initial static module graph can import local files without restrictions**

## References

- [Deno Docs](https://docs.deno.com/runtime/fundamentals/security/)
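
An added example, not taken from the Deno docs or project: because consent is given by flag and all code on a thread shares one privilege level, this check reads the arguments of a `deno run` command and reports which of the I/O categories in the notes were granted, and whether each grant is unscoped. The function names and sample command lines are assumptions made for illustration; the `--allow-*` and `-A` flags are Deno's own.

```javascript
// Added example: audit the arguments that follow `deno run`.
// Each I/O category from the notes maps to the Deno flag that grants it.
const CATEGORIES = {
  "--allow-read": "file system read",
  "--allow-write": "file system write",
  "--allow-net": "network",
  "--allow-env": "environment variables",
  "--allow-run": "subprocesses",
};

// Returns one finding per grant: { category, scope, unscoped }.
// Every token is scanned, so a script argument that looks like a permission
// flag is reported too: the audit over-reports rather than under-reports.
function auditDenoArgs(args) {
  const findings = [];
  for (const arg of args) {
    if (arg === "-A" || arg === "--allow-all") {
      for (const category of Object.values(CATEGORIES)) {
        findings.push({ category, scope: [], unscoped: true });
      }
      continue;
    }
    const eq = arg.indexOf("=");
    const flag = eq === -1 ? arg : arg.slice(0, eq);
    const category = CATEGORIES[flag];
    if (!category) continue; // not a permission flag
    // Allow-lists are comma separated, e.g. --allow-net=a.example,b.example
    const scope = eq === -1 ? [] : arg.slice(eq + 1).split(",").filter(Boolean);
    // An empty scope means the grant covers the whole category, and it
    // applies to every module loaded on the thread, dependencies included.
    findings.push({ category, scope, unscoped: scope.length === 0 });
  }
  return findings;
}

// Convenience view for CI: names of the categories granted without a scope.
function unscopedCategories(args) {
  return auditDenoArgs(args).filter((f) => f.unscoped).map((f) => f.category);
}

// Constructed sample command lines (everything after `deno run`).
const scoped = ["--allow-read=./data", "--allow-net=api.example.com:443", "main.ts"];
const broad = ["--allow-read=./data", "--allow-net", "--allow-env", "main.ts"];

console.log(unscopedCategories(scoped)); // nothing unscoped
console.log(unscopedCategories(broad)); // network and environment variables
```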