Comments (9)
You scripts seems to have wrong permissions ?
I was just quickly typing this as an illustrative example, not as a copy-pasteable script. You are right, more perms are typically needed for any script being run by dax
but I figured pointing out the possibility of defining the perms in this way could be helpful as a documentation item which may help a subset of needs. 👍
from dax.
There is an option in wasmbuild (which dax uses to build the wasm file) to do that: https://github.com/denoland/wasmbuild#cli-flags (--sync
). I believe it is slower to load, but I should measure to see how much slower as maybe it's not a big deal.
from dax.
@NfNitLoop deno-embedder looks nice!
from dax.
Related to both this issue and #27, I have taken to using a shebang on executable files which lets each file declare its own permissions:
#!/usr/bin/env -S deno run --allow-env=HOME,PATH --allow-net=deno.land --allow-read=.
I think this could be another useful thing to include in docs (it's already in the Deno docs, which is where I got it from, e.g. https://deno.land/[email protected]/examples/hashbang).
Going this route lets you invoke child scripts that can have different permissions from the calling Deno process:
script-a.ts
#!/usr/bin/env -S deno run --allow-env=PWD --allow-read=.
import { $ } from 'https://deno.land/x/dax/mod.ts'
const scriptB = $.path.join(Deno.env.get('PWD'), 'script-b.ts') // file with executable bit set
await $`${scriptB}`
script-b.ts
#!/usr/bin/env -S deno run --allow-env=HOME --allow-run=/bin/ls
import { $ } from 'https://deno.land/x/dax/mod.ts'
await $`ls -lah ${Deno.env.get('HOME')}`
Could be worth a mention 👍
from dax.
You scripts seems to have wrong permissions ?
- dax will always ask for -allow-env=all
- even if you pass --allow-run=bin, dax will stat many paths to search for that bin, so you have to give --allow-read=1,2,3, all the paths that dax search
I wonder if can any of the above be improved ?
The other permissions are:
- downloading and writing the wasm file if it doesn't exist so --allow-net=deno.land and --allow-write=.local/share../wasm
- and after the first usage, it becomes just --allow-read=wasmfile
from dax.
Once deno supports Wasm modules then we can get rid of needing to save and read the cache directory.
I think you can do this before Deno supports native WASM modules. I haven't used WASM much myself, but as I understand it you just feed bytes into WebAddembly.Module() (example)
So if you transform your .wasm file to something like base64_encoded_wasm.ts (or .js or .json), you can just
import wasmBytes from "./base64_encoded.wasm.ts"
This lets deno install
or deno compile
cache the file for you. And lets deno run
fetch (and cache!) the file for you without needing --allow-net
or --allow-write
access.
Shameless plug: If you don't want to base64-encode the wasm file yourself, you could use deno-embedder, which I wrote to do just this kind of thing.
from dax.
As for cwd/HOME -- I'm not sure why dax needs to read those explicitly. For example, I can just run a Deno command without the --allow-env
:
#!/usr/bin/env -S deno run --allow-run
const result = await new Deno.Command("env").output()
const outText = new TextDecoder().decode(result.stdout)
console.log(outText)
(Update): Aha, I see. Some of the built-in commands like pwd
will need to know CWD to be able to operate correctly w/o calling a command. (At least, with the current implementation.)
Context: I'd avoided using Dax for a while because my very first experience with it was it asking for permissions to environment variables and reading/writing local directories, and network access, which seemed strange. (yes, even in the face of giving it --allow-run
. Or maybe in especially for that reason.)
Months later, I was quickly making a script and forgot about my issues. This time I just threw on an -A
because I was in a hurry, and I very much like the simplicity of Dax's interface. ❤️ And I am a fan of replacing Bash with Deno
I'd love to use Dax while granting it fewer permissions!
from dax.
@dsherret I'm not sure if my PR link 2 days ago sent a notification to this issue, so just in case it didn't, see the above. 😊
I created a simple benchmark to test the "before" performance. Then I converted to use the --sync
option, and found out that it's actually slightly faster. So if you were sticking to the other loading method for speed, there's no need AFAICT.
from dax.
Thanks, @NfNitLoop! That was a big improvement.
And I am a fan of replacing Bash with Deno
I agree. I'm actually probably doing a lightning talk on this subject next month at a conference.
from dax.
Related Issues (20)
- Logging object as argument should not print [object Object]
- Upgrade dependency deno_task_shell to 0.14.2
- Merged streams make it unable to access streams HOT 1
- Panic on stderr redirect
- Make it easier to pipe to files HOT 3
- Patch for deprecation warnings in console/utils.ts HOT 2
- Redesign command and internal streams
- Ability to cancel a request HOT 1
- Support for subshells breaks escaped parentheses HOT 1
- Rename `PathRef` to `Path`
- Support providing a `CommandBuilder` to a template literal expr HOT 1
- built-in 'cat' command does not work with absolute paths
- Add `.linesIter()`
- Support glob expansion
- Path - Copy dir recursive
- Strict typing for arguments HOT 1
- Strange issue when upgrading Deno HOT 3
- $.prompt doesn't support utf-8? HOT 1
- add command for `tar` HOT 2
- imagemagick hangs 😞
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from dax.