From 7ca753166f8c493365aba703f85d7c837f2579a6 Mon Sep 17 00:00:00 2001 From: Matteo Collina Date: Wed, 25 Dec 2024 12:22:25 +0100 Subject: [PATCH] doc: clarify that WASM is trusted MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Matteo Collina PR-URL: https://github.com/nodejs/node/pull/56345 Reviewed-By: Michael Dawson Reviewed-By: Marco Ippolito Reviewed-By: Ulises Gascón Reviewed-By: Luigi Pinca Reviewed-By: Rafael Gonzaga Reviewed-By: Antoine du Hamel --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 19e876939f0f55..a551179c625a43 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -111,8 +111,8 @@ lead to a loss of confidentiality, integrity, or availability. 1. The developers and infrastructure that runs it. 2. The operating system that Node.js is running under and its configuration, along with anything under control of the operating system. -3. The code it is asked to run, including JavaScript and native code, even if - said code is dynamically loaded, e.g., all dependencies installed from the +3. The code it is asked to run, including JavaScript, WASM and native code, even + if said code is dynamically loaded, e.g., all dependencies installed from the npm registry. The code run inherits all the privileges of the execution user. 4. Inputs provided to it by the code it is asked to run, as it is the