The main thing I want from Deno is per dependency sandboxing. They let you enable file system or internet access for the whole project, but that's basically useless in most of my usecases. If I could whitelist the couple of dependencies that might need http access or whatever, that'd be great.
While there's no realistic way to provide a security boundary between JavaScript modules, Workers are a possibility [1].
The code with the more restricted set of permissions must run in the Worker. That code then communicates with the rest of your app through postMessage / SharedArrayBuffer, perhaps using ComLink [2].
[1] https://deno.land/[email protected]/runtime/workers#specifying-...