Testing

go.json

@@ -1,15 +1,15 @@
 {
- "permissions": "/runtime/manual/basics/permissions/",
+ "permissions": "/runtime/fundamentals/permissions/",
  "config": "/runtime/manual/getting_started/configuration_file/",
  "ide": "/runtime/manual/getting_started/setup_your_environment/#using-an-editor%2Fide",
- "--allow-env": "/runtime/manual/basics/permissions/#environment-access",
- "--allow-ffi": "/runtime/manual/basics/permissions/#ffi-(foreign-function-interface)",
- "--allow-hrtime": "/runtime/manual/basics/permissions/#high-resolution-time",
- "--allow-net": "/runtime/manual/basics/permissions/#network-access",
- "--allow-read": "/runtime/manual/basics/permissions/#file-system-read-access",
- "--allow-run": "/runtime/manual/basics/permissions/#running-subprocesses",
- "--allow-sys": "/runtime/manual/basics/permissions/#system-information",
- "--allow-write": "/runtime/manual/basics/permissions/#file-system-write-access",
- "--allow-all": "/runtime/manual/basics/permissions/#all-permissions",
- "--unsafely-ignore-certificate-errors": "/runtime/manual/basics/permissions/#certification-errors"
+ "--allow-env": "/runtime/fundamentals/permissions/#environment-access",
+ "--allow-ffi": "/runtime/fundamentals/permissions/#ffi-(foreign-function-interface)",
+ "--allow-hrtime": "/runtime/fundamentals/permissions/#high-resolution-time",
+ "--allow-net": "/runtime/fundamentals/permissions/#network-access",
+ "--allow-read": "/runtime/fundamentals/permissions/#file-system-read-access",
+ "--allow-run": "/runtime/fundamentals/permissions/#running-subprocesses",
+ "--allow-sys": "/runtime/fundamentals/permissions/#system-information",
+ "--allow-write": "/runtime/fundamentals/permissions/#file-system-write-access",
+ "--allow-all": "/runtime/fundamentals/permissions/#all-permissions",
+ "--unsafely-ignore-certificate-errors": "/runtime/fundamentals/permissions/#certification-errors"
 }

runtime/_data.ts

@@ -5,27 +5,20 @@ export const sidebar = [
  title: "Getting Started",
  items: [
  {
- label: "Quick Start",
- id: "/runtime/manual/",
- },
- {
- label: "Deno Basics",
- items: [
- "/runtime/manual/getting_started/first_steps/",
- "/runtime/manual/getting_started/setup_your_environment/",
- "/runtime/manual/getting_started/command_line_interface/",
- "/runtime/manual/getting_started/configuration_file/",
- "/runtime/manual/getting_started/web_frameworks/",
- "/runtime/manual/basics/permissions/",
- "/runtime/manual/basics/standard_library/",
- "/runtime/manual/basics/import_maps/",
- "/runtime/manual/basics/env_variables/",
- "/runtime/manual/basics/debugging_your_code/",
- "/runtime/manual/basics/connecting_to_databases/",
- "/runtime/manual/basics/react/",
- "/runtime/manual/getting_started/installation/",
- ],
+ label: "Hello World",
+ id: "/runtime/",
  },
+ "/runtime/getting_started/first_project/",
+ "/runtime/getting_started/setup_your_environment/",
+ "/runtime/getting_started/command_line_interface/",
+ ],
+ },
+ {
+ title: "Fundamentals",
+ items: [
+ "/runtime/fundamentals/ts_support/",
+ "/runtime/fundamentals/permissions/",
+ "/runtime/fundamentals/testing/",
  ],
  },
  {
@@ -199,19 +192,6 @@ export const sidebar = [
  },
  ],
  },
- {
- label: "Testing",
- items: [
- "/runtime/manual/basics/testing/",
- "/runtime/manual/basics/testing/assertions/",
- "/runtime/manual/basics/testing/coverage/",
- "/runtime/manual/basics/testing/mocking/",
- "/runtime/manual/basics/testing/sanitizers/",
- "/runtime/manual/basics/testing/documentation/",
- "/runtime/manual/basics/testing/behavior_driven_development/",
- "/runtime/manual/basics/testing/snapshot_testing/",
- ],
- },
  {
  label: "Workspaces",
  id: "/runtime/manual/basics/workspaces/",
@@ -256,8 +236,6 @@ export const sidebar = [
  {
  label: "TypeScript in Deno",
  items: [
- "/runtime/manual/advanced/typescript/overview/",
- "/runtime/manual/advanced/typescript/types/",
  "/runtime/manual/advanced/typescript/configuration/",
  "/runtime/manual/advanced/typescript/migration/",
  "/runtime/manual/advanced/typescript/faqs/",

runtime/fundamentals/_category_.json

@@ -0,0 +1,8 @@
+{
+ "label": "Fundamentals",
+ "position": 2,
+ "link": {
+ "type": "doc",
+ "id": "index"
+ }
+}

runtime/manual/basics/permissions.md → runtime/fundamentals/permissions.md

@@ -3,33 +3,69 @@ title: "Permissions"
 oldUrl:
  - /runtime/manual/basics/permissionsDeno/
  - /manual/basics/permissions
+ - /runtime/manual/basics/permissions
 ---
 
 Deno is secure by default. Therefore, unless you specifically enable it, a
-program run with Deno has no file, network, or environment access. Access to
-security sensitive functionality requires that permissions have been granted to
-an executing script through command line flags, or a runtime permission prompt.
-This is a major difference from Node, where dependencies are automatically
-granting full access to everything, introducing hidden vulnerabilities in your
-project.
+program run with Deno has no access to sensitive APIs, such as file system
+access, network connectivity, or environment access. You must explicitly grant
+access to these resources with command line flags or with the runtime permission
+prompt. This is a major difference from Node, where dependencies are
+automatically granted full access to everything, potentially introducing hidden
+vulnerabilities into your project.
 
-## Run untrusted code with confidence
+## Granting permissions
 
-Since Deno provides no I/O access by default, it's useful for running untrusted
-code and auditing third-party code. If you're building or extending a platform
-that runs user generated code, you can use Deno for running third-party code
-securely and host this code through
-[Deno Subhosting](https://deno.com/subhosting) or any other cloud platform of
-your choice.
-
-For the following example `mod.ts` has been granted read-only access to the file
-system. It cannot write to the file system, or perform any other security
-sensitive functions.
+To grant a permission to a script, you can use the `--allow-<PERMISSION>` flag
+when running the script. For example, to grant read access to the file system,
+you can use the `--allow-read` or short`-R` flag:
 
 ```shell
 deno run --allow-read mod.ts
 ```
 
+`mod.ts` has been granted read-only access to the file system. It cannot write
+to the file system, or perform any other security sensitive functions. For more
+examples of what you can do with different permissions, check out
+[Deno by Example](https://docs.deno.com/examples/).
+
+## Denying permissions
+
+Although permissions are denied by default, you can explicitly deny permissions
+to provide additional security and clarity.
+
+If you use both `--allow-*` and `--deny-*` flags, the deny flags take
+precedence. This allows you to fine-tune permissions more precisely. For
+example, you might allow network access but deny access to specific domains:
+
+```shell
+deno run --allow-net --deny-net=example.com script.ts
+```
+
+Explicitly denying permissions can prevent accidental access to sensitive
+resources, especially in complex projects where multiple scripts and
+dependencies are involved.
+
+```shell
+deno run --allow-read --deny-read=secrets.txt script.ts
+# or
+deno run --allow-read=/Users --deny-read=/Users/baduser script.ts
+```
+
+By explicitly denying permissions, you make your intentions clear in the code.
+This can be useful for documentation or for other developers who might work on
+the project, ensuring they understand which permissions are intentionally
+restricted.
+
+## Run untrusted code with confidence
+
+Since Deno provides no I/O access by default, it is perfect for running
+untrusted code and auditing third-party code. If you're building or extending a
+platform that runs user generated code, you can use Deno for running third-party
+code securely and host this code through
+[Deno Subhosting](https://deno.com/subhosting) or any other cloud platform of
+your choice.
+
 ## Permissions list
 
 The following permissions are available:
@@ -44,11 +80,14 @@ or a deny-list of environment variables.
 > Note for Windows users: environment variables are case insensitive on Windows,
 > so Deno also matches them case insensitively (on Windows only).
 
-Definition: `--allow-env[=<VARIABLE_NAME>...]`
+Definition: `--allow-env[=<VARIABLE_NAME>...]` or `-E[=<VARIABLE_NAME>...]`
 
 ```sh
 # Allow access to all environment variables
+deno run -E script.ts
+# or
 deno run --allow-env script.ts
+
 # Allow HOME and FOO environment variable
 deno run --allow-env=HOME,FOO script.ts
 ```
@@ -58,6 +97,7 @@ Definition: `--deny-env[=<VARIABLE_NAME>...]`
 ```sh
 # Deny access to all environment variables
 deno run --deny-env script.ts
+
 # Deny access to HOME and FOO environment variable
 deno run --deny-env=HOME,FOO script.ts
 ```
@@ -86,6 +126,7 @@ Definition: `--allow-ffi[=<PATH>...]`
 ```sh
 # Allow loading dynamic libraries
 deno run --allow-ffi script.ts
+
 # Allow loading dynamic libraries from a specific path
 deno run --allow-ffi=./libfoo.so script.ts
 ```
@@ -95,6 +136,7 @@ Definition: `--deny-ffi[=<PATH>...]`
 ```sh
 # Deny loading dynamic libraries
 deno run --deny-ffi script.ts
+
 # Deny loading dynamic libraries from a specific path
 deno run --deny-ffi=./libfoo.so script.ts
 ```
@@ -127,17 +169,23 @@ Allow or deny network access. You can specify an optional, comma-separated list
 of IP addresses or hostnames (optionally with ports) to provide an allow-list of
 allowed network addresses or a deny-list of denied network addresses.
 
-Definition: `--allow-net[=<IP_OR_HOSTNAME>...]`
+Definition: `--allow-net[=<IP_OR_HOSTNAME>...]` or `-N[=<IP_OR_HOSTNAME>...]`
 
 ```sh
 # Allow network access
+deno run -N script.ts
+# or
 deno run --allow-net script.ts
+
 # Allow network access to github.com and jsr.io
 deno run --allow-net=github.com,jsr.io script.ts
+
 # A hostname at port 80:
 deno run --allow-net=example.com:80 script.ts
+
 # An IPv4 address on port 443
-deno run --allow-net=1.1.1.1:443 script.ts
+deno run --allow-net=1.1.1.1:443 script.
+
 # An IPv6 address, all ports allowed
 deno run --allow-net=[2606:4700:4700::1111] script.ts
 ```
@@ -147,6 +195,7 @@ Definition: `--deny-net[=<IP_OR_HOSTNAME>...]`
 ```sh
 # Deny network access
 deno run --deny-net script.ts
+
 # Deny network access to github.com and jsr.io
 deno run --deny-net=github.com,jsr.io script.ts
 ```
@@ -160,11 +209,14 @@ Allow or deny file system read access. You can specify an optional,
 comma-separated list of directories or files to provide an allow-list of allowed
 file system access or a deny-list of denied file system access respectively.
 
-Definition: `--allow-read[=<PATH>...]`
+Definition: `--allow-read[=<PATH>...]` or `-R[=<PATH>...]`
 
 ```sh
 # Allow all reads from file system
+deno run -R script.ts
+# or 
 deno run --allow-read script.ts
+
 # Allow reads from file foo.txt and bar.txt only
 deno run --allow-read=foo.txt,bar.txt script.ts
 ```
@@ -174,6 +226,7 @@ Definition: `--deny-read[=<PATH>...]`
 ```sh
 # Deny reads from file system
 deno run --deny-read script.ts
+
 # Deny reads from file foo.txt and bar.txt only
 deno run --deny-read=foo.txt,bar.txt script.ts
 ```
@@ -208,6 +261,7 @@ Definition: `--allow-run[=<PROGRAM_NAME>...]`
 ```sh
 # Allow running subprocesses
 deno run --allow-run script.ts
+
 # Allow running "whoami" and "ps" subprocesses
 deno run --allow-run="whoami,ps" script.ts
 ```
@@ -217,6 +271,7 @@ Definition: `--deny-run[=<PROGRAM_NAME>...]`
 ```sh
 # Deny running subprocesses
 deno run --deny-run script.ts
+
 # Deny running "whoami" and "ps" subprocesses
 deno run --deny-run="whoami,ps" script.ts
 ```
@@ -234,11 +289,14 @@ comma-separated list of allowed interfaces from the following list: `hostname`,
 provide OS info, like
 [Deno.systemMemoryInfo](https://docs.deno.com/api/deno/~/Deno.SystemMemoryInfo).
 
-Definition: `--allow-sys[=<API_NAME>...]`
+Definition: `--allow-sys[=<API_NAME>...]` or `-S[=<API_NAME>...]`
 
 ```sh
 # Allow all system information APIs
+deno run -S script.ts
+# or
 deno run --allow-sys script.ts
+
 # Allow systemMemoryInfo and osRelease APIs
 deno run --allow-sys="systemMemoryInfo,osRelease" script.ts
 ```
@@ -248,6 +306,7 @@ Definition: `--deny-sys[=<API_NAME>...]`
 ```sh
 # Deny all system information APIs
 deno run --deny-sys script.ts
+
 # Deny systemMemoryInfo and osRelease APIs
 deno run --deny-sys="systemMemoryInfo,osRelease" script.ts
 ```
@@ -258,11 +317,14 @@ Allow or deny file system write access. You can specify an optional,
 comma-separated list of directories or files to provide an allow-list of allowed
 file system access or a deny-list of denied file system access respectively.
 
-Definition: `--allow-write[=<PATH>...]`
+Definition: `--allow-write[=<PATH>...]` or `-W[=<PATH>...]`
 
 ```sh
 # Allow all writes to file system
+deno run -W script.ts
+# or 
 deno run --allow-write script.ts
+
 # Allow writes to file foo.txt and bar.txt only
 deno run --allow-write=foo.txt,bar.txt script.ts
 ```