Hacker News

> If I include a 3rd party package in the JVM, I have absolutely no guarantee that it will work well, much like in Node.

In the JVM you can use the Security Manager [1] and limit file access and access to similarly sensitive areas. If you want, you can fully guarantee that nothing is accessed randomly.

Of course that builds on the JVM not having a zero-day bug.

[1] https://en.wikipedia.org/wiki/Java_security




There are all kinds of things NPM users can do to mitigate security problems. The only interesting question is what the default is.



