To make using node-safe more frictionless we could add support for a "default" ~/.node-safe/.node-safe.json file.
Whenever node-safe (or node when using the shell integration) or the package managers are called and no custom permissions (cli, envs, local .node-safe.json) are found we could fallback to that global default config.
The config itself would use permissive [project]/** permissions, which mean they would allow most things but confine them to the project directory (the one that contains the package.json or the cwd if no package.json is found).
That would result in much better security by default, while not necessarily having to configure anything for typical projects (which would still be possible though).
Note: If in addition custom permissions are provided (cli, envs, local .node-safe.json) we would ignore the default file and not merge it, as otherwise we'd need to support disable-net commands and the like.
To make using
node-safe
more frictionless we could add support for a "default"~/.node-safe/.node-safe.json
file.Whenever
node-safe
(ornode
when using the shell integration) or the package managers are called and no custom permissions (cli, envs, local.node-safe.json
) are found we could fallback to that global default config.The config itself would use permissive
[project]/**
permissions, which mean they would allow most things but confine them to the project directory (the one that contains thepackage.json
or thecwd
if nopackage.json
is found).That would result in much better security by default, while not necessarily having to configure anything for typical projects (which would still be possible though).
Note: If in addition custom permissions are provided (cli, envs, local
.node-safe.json
) we would ignore the default file and not merge it, as otherwise we'd need to supportdisable-net
commands and the like.Possible default permissions: