PermissionDenied: Requires read access

Deno is secure by default — you need to explicitly grant permissions.

Why this happens

Unlike Node.js, Deno runs with no file system, network, or environment access by default. Every sensitive operation requires an explicit permission flag at startup. This is a deliberate security design — if a dependency tries to read files or make network requests, it can’t do so unless you’ve opted in. The error tells you exactly which permission is missing.

Fix 1: Add permission flags

# ❌ No permissions
deno run app.ts

# ✅ Grant specific permissions
deno run --allow-read --allow-net app.ts

# ✅ Grant all (development only)
deno run -A app.ts

Fix 2: Common permission flags

--allow-read     # File system read
--allow-write    # File system write
--allow-net      # Network access
--allow-env      # Environment variables
--allow-run      # Run subprocesses

Fix 3: Limit scope

# Only allow reading from specific directory
deno run --allow-read=./data app.ts

# Only allow network to specific hosts
deno run --allow-net=api.example.com app.ts

Alternative solutions

Use a deno.json configuration file with a task runner so you don’t have to remember flags every time:

{
  "tasks": {
    "dev": "deno run --allow-read --allow-net --allow-env app.ts",
    "start": "deno run --allow-read=./data --allow-net=api.example.com app.ts"
  }
}

Then run deno task dev or deno task start.

Prevention

• Never use -A (allow all) in production — always specify the minimum permissions your app needs with scoped flags.
• Define your permission flags in deno.json tasks so they’re documented and consistent across your team.

Related: Bun vs Node · JavaScript Array Methods Cheat Sheet