Sudo and its alternatives
Posted Feb 22, 2024 20:33 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)
In reply to: Sudo and its alternatives by oliwer
Parent article: Sudo and its alternatives
I've written several authz engines in my career, and my personal belief is that you need an almost Turing-complete language to express authorization rules. Systems that try to do that purely declaratively always end up being horrifying messes of ad-hoc features (AWS IAM, I'm looking at YOU!).
And if you're going to use a Turing-complete language, then JavaScript is as good as any other choice. I personally would have chosen Lua, but whatever. JS is good enough.
Keep in mind that it does not need to deal with untrusted source code, because policies are shipped as a part of the packages that use them. In that regard, they are similar to /etc/sudoers.