HackerTrans
TopNewTrendsCommentsPastAskShowJobs

duncanbeevers

no profile record

comments

duncanbeevers
·8 mesi fa·discuss
Lavamoat purports to do this. https://lavamoat.github.io/

There has been some promising prior research such as BreakApp attempting to mitigate unusual supply-chain compromises such as denial-of-service attacks targeting the CPU via pathological regexps or other logic-bomb-flavored payloads.
duncanbeevers
·anno scorso·discuss
There's a great paper implementing this idea in the node.js ecosystem; [BreakApp: Automated, Flexible Application Compartmentalization](https://ic.ese.upenn.edu/pdf/breakapp_ndss2018.pdf) which modifies the `require` signature to allow specifying a security scope in which the module can be run.

It doesn't quite work at the capabilities level, but it does provide some novel protections against unusual supply-chain attacks such as denial-of-service attacks which may otherwise require no special capabilities.
duncanbeevers
·5 anni fa·discuss
Ink may be the tool you're looking for.

https://vadimdemedes.com/posts/ink-3

It lets you write React CLI apps using a flexbox layout engine, and is used by a number of high-profile node projects.