console.blog(
In defining the algorithm to resolve a module specifier, the HTML specification supports treating a specifier as a URL-like module specifier, which in turn will eventually parse the specifier as a basic URL.
Go ahead, try it!
Open your developer console in this tab right now and paste in:
var { html, render } = await import( "https://esm.sh/lit-html" );
var c = document.querySelector( ".post.long" );
c.replaceChildren( "" );
render( html`<div>This is my blog now lol</div>`, c );
For a moment, we could imagine that these individuals had each said something like:
Of the available server or local JavaScript interpreter runtimes, Deno is the only one that allows arbitrary code execution based on a URL.
THAT is a true statement! Of the JavaScript runtimes available to run on your computer or your server, the only one (that I know of) that allows you to paste a URL in and immediately executes that code in the context of your machine is Deno.
It is not true that this is a feature exclusive to either Typescript or Deno, since the HTML specification has also enabled module loading using URLs. HTML has enabled it because the browser security sandbox is one of the most well fortified security firewalls ever created.
If - in the course of writing something that runs on your computer - you find that you have the need to download and execute arbitrary remote code at runtime, I would strongly suggest you re-think all of the decisions that led you to this point. Hopefully it was just one or two, and you can backtrack quickly.