Deno.Permissions
Deno's permission management API.
The class which provides the interface for the [`Deno.permissions`](./././~/Deno.permissions)
global instance. It is based on the web platform
[Permissions API](https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API),
but some proposed parts of that API which are useful in a server-side
runtime context were removed or abandoned in the web platform specification,
which is why it is located in the [`Deno`](./././~/Deno) namespace
instead.
By default, if `stdin`/`stdout` is a TTY for the Deno CLI (meaning it can
send and receive text), the CLI will prompt the user to grant
permission when an un-granted permission is requested. This behavior can
be changed by using the `--no-prompt` flag at startup. When prompting,
the CLI will request the narrowest permission possible, which can be
annoying to the user. The permissions APIs allow the code author to
request a wider set of permissions at one time in order to provide a better
user experience.
Deno.PermissionStatus
An `EventTarget` returned from the [`Deno.permissions`](./././~/Deno.permissions)
API which can provide updates to any state changes of the permission.
Deno.EnvPermissionDescriptor
The permission descriptor for the `allow-env` and `deny-env` permissions, which control
the ability to read and write the process environment variables
as well as to access other information about the environment. The option
`variable` allows scoping the permission to a specific environment
variable.
Deno.FfiPermissionDescriptor
The permission descriptor for the `allow-ffi` and `deny-ffi` permissions, which control
access to loading _foreign_ code and interfacing with it via the
[Foreign Function Interface API](https://docs.deno.com/runtime/manual/runtime/ffi_api)
available in Deno. The option `path` allows scoping the permission to a
specific path on the host.
Deno.NetPermissionDescriptor
The permission descriptor for the `allow-net` and `deny-net` permissions, which control
access to opening network ports and connecting to remote hosts via the
network. The option `host` allows scoping the permission for outbound
connections to a specific host and port.
Deno.PermissionStatusEventMap
The interface which defines what event types are supported by
`PermissionStatus` instances.
Deno.ReadPermissionDescriptor
The permission descriptor for the `allow-read` and `deny-read` permissions, which control
access to reading resources from the local host. The option `path` allows
scoping the permission to a specific path (and, if the path is a directory,
any sub paths).
Permission granted under `allow-read` only allows runtime code to attempt
to read; the underlying operating system may apply additional permissions.
Deno.RunPermissionDescriptor
The permission descriptor for the `allow-run` and `deny-run` permissions, which control
which sub-processes can be executed by Deno. The option `command`
allows scoping the permission to a specific executable.
**Warning: in practice, `allow-run` is effectively the same as `allow-all`
in the sense that malicious code could execute any arbitrary code on the
host.**
Deno.SysPermissionDescriptor
The permission descriptor for the `allow-sys` and `deny-sys` permissions, which control
access to sensitive host system information, which malicious code might
attempt to exploit. The option `kind` allows scoping the permission to a
specific piece of information.
Deno.WritePermissionDescriptor
The permission descriptor for the `allow-write` and `deny-write` permissions, which
control access to writing to resources on the local host. The option
`path` allows scoping the permission to a specific path (and, if the path is
a directory, any sub paths).
Permission granted under `allow-write` only allows runtime code to attempt
to write; the underlying operating system may apply additional permissions.
Deno.PermissionDescriptor
Permission descriptors which define a permission and can be queried,
requested, or revoked.
View the specifics of the individual descriptors for more information about
each permission kind.
Deno.PermissionName
The name of a privileged feature which needs permission.
Deno.PermissionOptions
Options which define the permissions within a test or worker context.
`"inherit"` ensures that all permissions of the parent process will be
applied to the test context. `"none"` ensures the test context has no
permissions. A `PermissionOptionsObject` provides a more specific
set of permissions to the test context.
Deno.PermissionState
The current status of the permission:
- `"granted"` - the permission has been granted.
- `"denied"` - the permission has been explicitly denied.
- `"prompt"` - the permission has been neither explicitly granted nor denied.
Deno.permissions
Deno's permission management API.
It is a singleton instance of the `Permissions` object and is
based on the web platform
[Permissions API](https://developer.mozilla.org/en-US/docs/Web/API/Permissions_API),
but some proposed parts of that API which are useful in a server-side
runtime context were removed or abandoned in the web platform specification,
which is why it is located in the [`Deno`](./././~/Deno) namespace
instead.
By default, if `stdin`/`stdout` is a TTY for the Deno CLI (meaning it can
send and receive text), the CLI will prompt the user to grant
permission when an un-granted permission is requested. This behavior can
be changed by using the `--no-prompt` flag at startup. When prompting,
the CLI will request the narrowest permission possible, which can be
annoying to the user. The permissions APIs allow the code author to
request a wider set of permissions at one time in order to provide a better
user experience.
Requesting already granted permissions will not prompt the user and will
return that the permission was granted.
### Querying
```ts
const status = await Deno.permissions.query({ name: "read", path: "/etc" });
console.log(status.state);
```
```ts
const status = Deno.permissions.querySync({ name: "read", path: "/etc" });
console.log(status.state);
```
### Revoking
```ts
import { assert } from "jsr:@std/assert";
const status = await Deno.permissions.revoke({ name: "run" });
assert(status.state !== "granted");
```
```ts
import { assert } from "jsr:@std/assert";
const status = Deno.permissions.revokeSync({ name: "run" });
assert(status.state !== "granted");
```
### Requesting
```ts
const status = await Deno.permissions.request({ name: "env" });
if (status.state === "granted") {
  console.log("'env' permission is granted.");
} else {
  console.log("'env' permission is denied.");
}
```
```ts
const status = Deno.permissions.requestSync({ name: "env" });
if (status.state === "granted") {
  console.log("'env' permission is granted.");
} else {
  console.log("'env' permission is denied.");
}
```
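The querying and revoking calls above can be combined into a fail-closed startup check that drops every permission a program does not need, including `run`. This is an added example, not part of the Deno documentation: `lockDown`, `PermsLike`, `Scoped` and `fakePerms` are hypothetical names, and the in-memory stand-in is constructed so the block runs outside Deno.

```typescript
// Added example: fail-closed least-privilege check built on the sync API.
type State = "granted" | "denied" | "prompt";
type Status = { state: State };
type Scoped = { name: string; path?: string; host?: string; command?: string };
interface PermsLike {
  querySync(desc: { name: string }): Status;
  revokeSync(desc: { name: string }): Status;
}

// Permission names of the descriptors listed on this page.
const ALL_NAMES = ["env", "ffi", "net", "read", "run", "sys", "write"];

const label = (d: Scoped): string =>
  [d.name, d.path ?? d.host ?? d.command].filter(Boolean).join(":");

// Revoke every permission name the program does not need, then confirm each
// required descriptor is already granted. Only querySync is used, never
// requestSync, so a missing grant is reported instead of prompting the user.
function lockDown(perms: PermsLike, required: Scoped[]) {
  const keep = new Set(required.map((d) => d.name));
  const stillGranted = ALL_NAMES.filter((name) =>
    !keep.has(name) && perms.revokeSync({ name }).state === "granted"
  );
  const missing = required
    .filter((d) => perms.querySync(d).state !== "granted")
    .map(label);
  return { ok: !missing.length && !stillGranted.length, missing, stillGranted };
}

// Constructed stand-in (hypothetical); grants look like "run" or "read:/etc".
// Under Deno, pass Deno.permissions to lockDown instead.
function fakePerms(grants: string[]): PermsLike {
  const granted = new Set(grants);
  return {
    querySync: (d: Scoped): Status => ({
      state: granted.has(label(d)) || granted.has(d.name) ? "granted" : "prompt",
    }),
    revokeSync: (d: Scoped): Status => {
      Array.from(granted)
        .filter((g) => g === d.name || g.startsWith(d.name + ":"))
        .forEach((g) => granted.delete(g));
      return { state: "prompt" };
    },
  };
}

const demo = lockDown(fakePerms(["read:/etc", "run", "net"]),
  [{ name: "read", path: "/etc" }, { name: "env" }]);
console.log(demo);
```

A non-empty `missing` or `stillGranted` list is a reason to exit before handling any untrusted input.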