I've been toying with the idea of a language whose packages have to declare which "permissions" they require (file io, network access, shell...) and devs have to specify which permissions they give to their dependencies.

Java has Security Managers. I've never seen anyone use it in practice though, so it probably doesn't work very well.

I think it would be hard to get any kind of usable capability system without algebraic effects like those of Koka or Scala libraries.

EDIT: Apparently Security Managers are deprecated and slated for removal.