This needs to be solved at the language level by defining whitelist-like contexts. Some sort of

  with MyContext(allow_sys_cmds=false, network=false, read_disk=false):
     ...

I've seen at least a paper trying to bolt-on such a feature on golang but it's way too convoluted. Of course this doesn't solve everything, especially for languages with magic/collateral effects like running logic on module import.

▲ Yoric 4 hours ago | parent | next [-]

For context, it's called "an effect system". IIRC, these were developed in the 80s-90s, but as far as I know, OCaml is the only industrial language that offers any kind of support for effects.

	▲	jimbohn 4 hours ago \| parent [-]
		Didn't know about the terminology, thanks!

▲ cyphar 4 hours ago | parent | prev [-]

> I've seen at least a paper trying to bolt-on such a feature on golang but it's way too convoluted.

A friend of mine has been working on [1] which is a less computer-sciency solution to the problem for Go modules that doesn't require adding effects to the type system (to be a bit snarky -- good luck getting more type changes into Go, it might take another 3 decades).

[1]: https://github.com/AkihiroSuda/gomodjail