Anonymous
11/1/2025, 7:29:09 PM
No.107074131
>>107073915
tl;dr there isn't one
to install deno on linux you just run a simple install script. not really sure why you're so hung up on it being written in rust. most people just use software without caring what language it was written in
bun also requires just running an install script. it's written in C++
quickjs publishes binary releases so i think you should be able to just get one of them and use it
node is probably the most annoying one. the "official" instructions are to use `nvm` (node version manager). you just run an install script and then run `nvm install node` which will automatically pull in the latest version
the only one of these that has extensive sandboxing is deno ( https://docs.deno.com/runtime/fundamentals/security/ ). node has some very rudimentary sandboxing ( https://nodejs.org/api/permissions.html ). quickjs and bun don't have any built-in sandboxing. i think in theory all of these can be sandboxed with a library/plugin that intercepts e.g. fs.write calls but it sounds like a lot of effort for something that will end up being really brittle
finally, i don't know if i'd trust even deno's sandboxing. it's just a very nontrivial problem and i don't think they solved it. in 2024 there were a few vulnerabilities that let you by pass the sandbox ( https://secfault-security.com/blog/deno.html ). they're fixed by now but it's just a sign of what things are like. if you really need it to be properly sandboxed, i think your only option is to run it in docker or a VM. yes it's a huge pain but that's just the way it is
tl;dr there isn't one
to install deno on linux you just run a simple install script. not really sure why you're so hung up on it being written in rust. most people just use software without caring what language it was written in
bun also requires just running an install script. it's written in C++
quickjs publishes binary releases so i think you should be able to just get one of them and use it
node is probably the most annoying one. the "official" instructions are to use `nvm` (node version manager). you just run an install script and then run `nvm install node` which will automatically pull in the latest version
the only one of these that has extensive sandboxing is deno ( https://docs.deno.com/runtime/fundamentals/security/ ). node has some very rudimentary sandboxing ( https://nodejs.org/api/permissions.html ). quickjs and bun don't have any built-in sandboxing. i think in theory all of these can be sandboxed with a library/plugin that intercepts e.g. fs.write calls but it sounds like a lot of effort for something that will end up being really brittle
finally, i don't know if i'd trust even deno's sandboxing. it's just a very nontrivial problem and i don't think they solved it. in 2024 there were a few vulnerabilities that let you by pass the sandbox ( https://secfault-security.com/blog/deno.html ). they're fixed by now but it's just a sign of what things are like. if you really need it to be properly sandboxed, i think your only option is to run it in docker or a VM. yes it's a huge pain but that's just the way it is