kriskowal
commented
4 years ago cc @kumavis
Closed kriskowal closed 10 months ago
kriskowal
commented
4 years ago cc @kumavis
erights
commented
4 years ago I suggest that anything that steps off the basic path, including any intermediation, lose support for live bindings. We should start with that, and see if it ever hurts. If it does, then we can use the specifics to help figure out how we should cope with that.
kriskowal
commented
10 months ago Tagging for consideration whether to close as wontfix, punt, or prioritize. My sense is that this is not motivated at this time. Attn @kumavis
kumavis
commented
10 months ago punting into stratosphere. lets reopen when we have a active motivation to
LavaMoat needs the ability to interject wrappers between some modules, depending on the compartments of the module and referrer. Sometimes this hook would be used to harden objects that cross the boundary. Others, it would be used to apply a membrane (with some distortion). In as many cases as possible, the hook would pass values unmodified, depending on vetted modules to intermediate with defensive API’s.
It would be sufficient for any third-party module to create a static module record decorator that wraps the
executemethod. However, to support live bindings between any pair of ECMAScript modules, it would be necessary to pass notifications through the “membrane hook”.