Deno 2.0 looks to backward compatibility to move forward Deno, the runtime for JavaScript and TypeScript, reached version 2.0 on Wednesday, bringing with it baggage from the past in the form of broad Node.js compatibility. The project debuted in May 2020 when Ryan Dahl attempted to address problems he saw with Node.js, the JavaScript runtime he released in May 2009 and which he …
https://en.wikipedia.org/wiki/Capability-based_security
TL;DR: The web is "secure by default" because the APIs are designed so that they "lack the words to describe" things like reading a local file the user didn't explicitly choose to share.
Compare WASI (WebAssembly's capability-based POSIX analogue) vs. POSIX.
Vulnerabilities involve finding ways to break the system to synthesize new verbs, rather than having a full vocabulary with some having been declared taboo and needing to find ways to speak euphemistically like when when you're speaking POSIX and trying to break out of Firejail.
In essence, finding a vulnerability in a capability-based system is akin to breaking memory protection by finding a way to refer to phsical memory addresses that don't receive virtual memory mappings while your process is executing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
