Here's the set of new deny flags, which have higher precedence over allow flags:
--deny-env=
--deny-sys=
--deny-hrtime
--allow-net=
--deny-ffi=
--deny-read=
--deny-run=
--deny-write=
Learn more here: https://deno.land/manual/basics/permissions
Discussion
Being able to specify a read/write path is where it's at.
nostr:npub1pgs0t3ppz4wtsnpkh4aqfxgy6u644ntkzg4ju6gha2v6qsvpltaqt7gyss what are some real world use cases for allowing all but certain resources?