Reference issue: nodejs/security-wg#791 The tagged issue contains the initial proposal for this MVP. This Pull Request includes the foundation of the Permission Model. Constraints This Permission Model is not bulletproof, which means, there are constraints we agree on before landing this system: It’s not a sandbox, we assume the user trusts in the running code. No break-changes are ideal. It must
Adds util.parseArgs helper for higher level command-line argument parsing. Background There has been an ongoing effort in pkgjs/parseargs to define a command-line argument parsing API for Node.js core. The effort has taken several years to get to this point, with many amazing contributors across a variety of companies and projects: IBM, Microsoft, Google, Shopify, npm, nvm, commander, yargs, just
What is the problem this feature will solve? It is easy to accidentally allow another user to influence what code node loads and executes. Details can be found at HackerOne reports 1564437 (CommonJS module loading), 1564444 (ECMAScript module resolution), and 1564445 (package.json). While these behaviors are documented, the security implications are easy to overlook. Insecure patterns around these
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Pick a username Email Address Password Sign up for GitHub By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails. Already on GitHub? Sign in to your account
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く