Deno 2.6 has been released with a new tool, dx, that is an equivalent to npx and is a way to run binaries from npm and JSR packages.

Deno is built in Rust, and is described as secure by default as it has no file, network, or environment access, unless explicitly enabled. 

The first addition to this release is the new tool, dx. The Deno team says that more experienced users might recognize that dx works similarly to deno run. However, there are differences, specifically in the way it handles permissions and defaults. dx defaults to --allow-all permissions, unless another permission flag is passed. It prompts you before downloading a package, and defaults to npm:<package_name> unless otherwise specified. The aim of the addition is to provide Deno users with the convenience of npx while making use of Deno's robust security model and performance optimizations.

This release also adds more granular control over permissions, with new flags that can be used to selectively ignore certain file reads or environment variable access. Instead of throwing NotCapable error, you can instead direct Deno to return NotFound error and undefined respectively. These new flags allow more flexibility when running untrusted code.

Another improvement is the addition of a new experimental type checker for TypeScript written in Go. The new type checker, tsgo, is described as being significantly faster than the previous implementation, which was written in TypeScript. 

Deno 2.6 also includes a new JavaScript feature called source phase imports. These are a new kind of import that instead of giving you a live module instance, give the user the raw source representation of a module. In the case of Wasm, that means you can import the compiled Wasm.Module directly as part of your build step, without having to fetch the file at runtime.

Another improvement of note is a new deno audit subcommand, which helps you identify security vulnerabilities in your dependencies by checking GitHub CVE database. The Deno developers say this is one of the most important additions to this release. The command scans and generates a report for both JSR and npm packages. The new version also comes with an experimental deno audit --socket flag that integrates with socket.dev. 

Deno 2.6 is available now.

More Information

Deno Website

Related Articles

Deno 2 Release Candidate Ready

Deno Adds Support For Private npm Registries

Deno Improves JSR Support 

Deno Supports Built-in Node Modules 

Deno 1.28 Stabilizes NPM Compatibility 

Deno Joins ECMA

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info