Execute permissions should also be an option to turn off imho (the ability to exec/spawn other executables etc). Since then you could just execute something that can do what you cannot.

I still think I’d like something akin to npm, or npm itself with this as I’d still like to be able to bring modules in, but then execute against the relative path to those modules.

The remote only option for modules would be something else I’d like to see refactored. Although https://…/git-repo#tag/index.ts isn’t significantly worse, but it does make auditing includes on a holistic level harder to do.

Bundling/building for client-side use or re-distribution is another issue, but browsers are now moving in that direction with modules anyway… you would just need a server that would translate the typescript to a javascript module for the browser to consume.