Welcome to Jurassic Park: A Comprehensive Study of Security Risks in Deno and its Ecosystem

Abdullah AlHamdan

Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · JavaScript Security

This talk, delivered by Abdullah AlHamdan at the NDSS Symposium, examines the security landscape of Deno, an emerging JavaScript runtime designed with a strong emphasis on security. Deno distinguishes itself from its predecessor, Node.js, by using memory-safe Rust for its core APIs, implementing a robust permission system that intercepts sensitive system calls, and supporting a decentralized software supply chain through arbitrary URL imports. The talk critically evaluates whether Deno delivers on its promise of enhanced security and addresses the complexities and vulnerabilities that arise from its architectural choices.

AI review

Legitimate academic security research that earned a CVE and produced empirical supply chain data — this is real work, not a vendor slide deck. The static import permission escape is genuinely interesting and the supply chain availability study is methodologically sound. But the overall contribution sits comfortably in 'solid conference paper' territory rather than field-defining research.
