For the following example, has been granted read-only access to the file system. It cannot write to it, or perform any other security-sensitive functions.

    The following permissions are available:

    • -A, —allow-all Allow all permissions. This disables all security.
    • --allow-env Allow environment access for things like getting and setting of environment variables.
    • --allow-net= Allow network access. You can specify an optional, comma-separated list of domains to provide an allow-list of allowed domains.
    • --allow-plugin Allow loading plugins. Please note that —allow-plugin is an unstable feature.
    • --allow-read= Allow file system read access. You can specify an optional, comma-separated list of directories or files to provide a allow-list of allowed file system access.
    • --allow-run Allow running subprocesses. Be aware that subprocesses are not run in a sandbox and therefore do not have the same security restrictions as the deno process. Therefore, use with caution.
    • --allow-write= Allow file system write access. You can specify an optional, comma-separated list of directories or files to provide a allow-list of allowed file system access.

    This example restricts file system access by allow-listing only the /usr directory, however the execution fails as the process was attempting to access a file in the /etc directory:

    2.  $deno$/dispatch_json.ts:40:11
    3.     at DenoError ($deno$/errors.ts:20:5)
    4.     ...

    Try it out again with the correct permissions by allow-listing instead:

    fetch.ts:

    1. const result = await fetch("https://deno.land/");

    This is an example of how to allow-list hosts/urls:

    Allow net calls to any host/url: