Comment by nicce
2 months ago
Node does not have the concept of security and isolation like the Deno has. There is maintainer comment in the same thread.
2 months ago
Node does not have the concept of security and isolation like the Deno has. There is maintainer comment in the same thread.
What evidence is there that Deno's "security and isolation" works?
It's their application, yt-dlp can use whatever it wants. But they made their choices for stylistic/aesthetic reasons.
What evidence is telling the opposite?
Scripts use V8 isolation, identical to Chrome. What comes to rest, we can only trust or review by ourself, but it is certainly better than nothing in this context.
Identical to Chrome except the part where Chrome uses os-level sandboxing on top. V8 exploits are common, Deno sandboxing by itself is not a good idea if you are executing arbitrary code.
3 replies →