-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src,lib: stabilize permission model #56201
src,lib: stabilize permission model #56201
Conversation
Review requested:
|
The
notable-change
Please suggest a text for the release notes if you'd like to include a more detailed summary, then proceed to update the PR description with the text or a link to the notable change suggested text comment. Otherwise, the commit will be placed in the Other Notable Changes section. |
1a47bad
to
e1d0505
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #56201 +/- ##
=======================================
Coverage 88.53% 88.53%
=======================================
Files 657 657
Lines 189858 189899 +41
Branches 36450 36464 +14
=======================================
+ Hits 168089 168130 +41
- Misses 14973 14977 +4
+ Partials 6796 6792 -4
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
You could add a flag alias so this is not |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Move permission model from 1.1 (Active Development) to 2.0 (Stable).
d45ac4b
to
b00914b
Compare
Landed in be04d06 |
Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: #56201 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Stephen Belanger <[email protected]>
Notable changes: crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 module: * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185 * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 stream: * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096 PR-URL: #56310
Notable changes: crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 module: * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185 * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 stream: * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096 PR-URL: TODO
Notable changes: crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 module: * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185 * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 stream: * (SEMVER-MINOR) handle generator destruction from Duplex.from() (Matthieu Sieben) #55096 PR-URL: #56310
Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: #56201 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Stephen Belanger <[email protected]>
Notable changes: crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 module: * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185 * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 PR-URL: #56310
Notable changes: crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 module: * (SEMVER-MINOR) add prefix-only modules to `module.builtinModules` (Jordan Harband) #56185 * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) #55698 * (SEMVER-MINOR) implement module.registerHooks() (Joyee Cheung) #55698 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 PR-URL: #56310
Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: #56201 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Stephen Belanger <[email protected]>
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: TODO
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: TODO
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: #56329
Move permission model from 1.1 (Active Development) to 2.0 (Stable). PR-URL: #56201 Reviewed-By: Yagiz Nizipli <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Santiago Gimeno <[email protected]> Reviewed-By: Marco Ippolito <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Stephen Belanger <[email protected]>
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: #56329
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: #56329
Notable changes: assert: * (SEMVER-MINOR) add partialDeepStrictEqual (Giovanni Bucci) #54630 cli: * (SEMVER-MINOR) implement --trace-env and --trace-env-[js|native]-stack (Joyee Cheung) #55604 crypto: * graduate WebCryptoAPI Ed25519 and X25519 algorithms as stable (Filip Skokan) #56142 dgram: * (SEMVER-MINOR) support blocklist in udp (theanarkh) #56087 doc: * stabilize util.styleText (Rafael Gonzaga) #56265 * move typescript support to active development (Marco Ippolito) #55536 * add LJHarb to collaborators (Jordan Harband) #56132 * (SEMVER-MINOR) add report version and history section (Chengzhong Wu) #55697 * (SEMVER-MINOR) sort --report-exclude alphabetically (Rafael Gonzaga) #55697 doc,lib,src,test: * (SEMVER-MINOR) unflag sqlite module (Colin Ihrig) #55890 module: * (SEMVER-MINOR) only emit require(esm) warning under --trace-require-module (Joyee Cheung) #56194 * (SEMVER-MINOR) add module.stripTypeScriptTypes (Marco Ippolito) #55282 * (SEMVER-MINOR) simplify `findPackageJSON` implementation (Antoine du Hamel) #55412 * (SEMVER-MINOR) add `findPackageJSON` util (Jacob Smith) #55412 net: * (SEMVER-MINOR) support blocklist in net.connect (theanarkh) #56075 * (SEMVER-MINOR) add SocketAddress.parse (James M Snell) #56076 * (SEMVER-MINOR) add net.BlockList.isBlockList(value) (James M Snell) #56078 * (SEMVER-MINOR) support blocklist for net.Server (theanarkh) #56079 process: * (SEMVER-MINOR) deprecate `features.{ipv6,uv}` and `features.tls_*` (René) #55545 report: * (SEMVER-MINOR) fix typos in report keys and bump the version (Yuan-Ming Hsu) #56068 sqlite: * (SEMVER-MINOR) aggregate constants in a single property (Edigleysson Silva (Edy)) #56213 * (SEMVER-MINOR) add `StatementSync.prototype.iterate` method (tpoisseau) #54213 src: * (SEMVER-MINOR) add cli option to preserve env vars on dr (Rafael Gonzaga) #55697 src,lib: * (SEMVER-MINOR) stabilize permission model (Rafael Gonzaga) #56201 util: * (SEMVER-MINOR) add sourcemap support to getCallSites (Marco Ippolito) #55589 PR-URL: #56329
This MR contains the following updates: | Package | Update | Change | |---|---|---| | [node](https://nodejs.org) ([source](https://github.com/nodejs/node)) | minor | `23.4.0` -> `23.5.0` | MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot). **Proposed changes to behavior should be submitted there as MRs.** --- ### Release Notes <details> <summary>nodejs/node (node)</summary> ### [`v23.5.0`](https://github.com/nodejs/node/releases/tag/v23.5.0): 2024-12-19, Version 23.5.0 (Current), @​aduh95 [Compare Source](nodejs/node@v23.4.0...v23.5.0) ##### Notable Changes ##### WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms are now stable Following the merge of Curve25519 into the [Web Cryptography API Editor's Draft](https://w3c.github.io/webcrypto/) the `Ed25519` and `X25519` algorithm identifiers are now stable and will no longer emit an ExperimentalWarning upon use. Contributed by Filip Skokan in [#​56142](nodejs/node#56142). ##### On-thread hooks are back This release introduces `module.registerHooks()` for registering module loader customization hooks that are run for all modules loaded by `require()`, `import` and functions returned by `createRequire()` in the same thread, which makes them easier for CJS monkey-patchers to migrate to. ```mjs import assert from 'node:assert'; import { registerHooks, createRequire } from 'node:module'; import { writeFileSync } from 'node:fs'; writeFileSync('./bar.js', 'export const id = 123;', 'utf8'); registerHooks({ resolve(specifier, context, nextResolve) { const replaced = specifier.replace('foo', 'bar'); return nextResolve(replaced, context); }, load(url, context, nextLoad) { const result = nextLoad(url, context); return { ...result, source: result.source.toString().replace('123', '456'), }; }, }); // Checks that it works with require. const require = createRequire(import.meta.url); const required = require('./foo.js'); // Redirected by resolve hook to bar.js assert.strictEqual(required.id, 456); // Replaced by load hook to 456 // Checks that it works with import. const imported = await import('./foo.js'); // Redirected by resolve hook to bar.js assert.strictEqual(imported.id, 456); // Replaced by load hook to 456 ``` This complements the `module.register()` hooks - the new hooks fit better internally and cover all corners in the module graph; whereas `module.register()` previously could not cover `require()` while it was on-thread, and still cannot cover `createRequire()` after being moved off-thread. They are also run in the same thread as the modules being loaded and where the hooks are registered, which means they are easier to debug (no more `console.log()` getting lost) and do not have the many deadlock issues haunting the `module.register()` hooks. The new API also takes functions directly so that it's easier for intermediate loader packages to take user options from files that the hooks can't be aware of, like many existing CJS monkey-patchers do. Contributed by Joyee Cheung in [#​55698](nodejs/node#55698). ##### Other notable changes - \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#​56087](nodejs/node#56087) - \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#​56265](nodejs/node#56265) - \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#​56185](nodejs/node#56185) - \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#​56194](nodejs/node#56194) - \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#​56068](nodejs/node#56068) - \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#​56213](nodejs/node#56213) - \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#​56201](nodejs/node#56201) ##### Commits - \[[`2314e4916e`](nodejs/node@2314e4916e)] - **assert**: make Maps be partially compared in partialDeepStrictEqual (Giovanni Bucci) [#​56195](nodejs/node#56195) - \[[`cfbdff7b45`](nodejs/node@cfbdff7b45)] - **assert**: make partialDeepStrictEqual work with ArrayBuffers (Giovanni Bucci) [#​56098](nodejs/node#56098) - \[[`f264dd6d20`](nodejs/node@f264dd6d20)] - **buffer**: document concat zero-fill (Duncan) [#​55562](nodejs/node#55562) - \[[`4831b87d83`](nodejs/node@4831b87d83)] - **build**: set DESTCPU correctly for 'make binary' on loongarch64 (吴小白) [#​56271](nodejs/node#56271) - \[[`1497bb405e`](nodejs/node@1497bb405e)] - **build**: fix missing fp16 dependency in d8 builds (Joyee Cheung) [#​56266](nodejs/node#56266) - \[[`445c8c7489`](nodejs/node@445c8c7489)] - **build**: add major release action (Rafael Gonzaga) [#​56199](nodejs/node#56199) - \[[`f4faedfa69`](nodejs/node@f4faedfa69)] - **build**: fix C string encoding for `PRODUCT_DIR_ABS` (Anna Henningsen) [#​56111](nodejs/node#56111) - \[[`6f49c8006c`](nodejs/node@6f49c8006c)] - **build**: use variable for simdutf path (Shelley Vohr) [#​56196](nodejs/node#56196) - \[[`fcaa2c82a6`](nodejs/node@fcaa2c82a6)] - **build**: fix GN build on macOS (Joyee Cheung) [#​56141](nodejs/node#56141) - \[[`08e5309f4f`](nodejs/node@08e5309f4f)] - ***Revert*** "**build**: avoid compiling with VS v17.12" (Gerhard Stöbich) [#​56151](nodejs/node#56151) - \[[`c2fb38cfdf`](nodejs/node@c2fb38cfdf)] - **crypto**: graduate WebCryptoAPI [`Ed25519`](nodejs/node@Ed25519) and X25519 algorithms as stable (Filip Skokan) [#​56142](nodejs/node#56142) - \[[`8658833884`](nodejs/node@8658833884)] - **deps**: update nghttp3 to 1.6.0 (Node.js GitHub Bot) [#​56258](nodejs/node#56258) - \[[`7c941d4610`](nodejs/node@7c941d4610)] - **deps**: update simdutf to 5.6.4 (Node.js GitHub Bot) [#​56255](nodejs/node#56255) - \[[`4e9113eada`](nodejs/node@4e9113eada)] - **deps**: update libuv to 1.49.2 (Luigi Pinca) [#​56224](nodejs/node#56224) - \[[`db6aba12e4`](nodejs/node@db6aba12e4)] - **deps**: update c-ares to v1.34.4 (Node.js GitHub Bot) [#​56256](nodejs/node#56256) - \[[`25bb462bc2`](nodejs/node@25bb462bc2)] - **deps**: define V8\_PRESERVE_MOST as no-op on Windows (Stefan Stojanovic) [#​56238](nodejs/node#56238) - \[[`54308c51bb`](nodejs/node@54308c51bb)] - **deps**: update sqlite to 3.47.2 (Node.js GitHub Bot) [#​56178](nodejs/node#56178) - \[[`59cae91465`](nodejs/node@59cae91465)] - **(SEMVER-MINOR)** **dgram**: support blocklist in udp (theanarkh) [#​56087](nodejs/node#56087) - \[[`52c18e605e`](nodejs/node@52c18e605e)] - **doc**: fix color contrast issue in light mode (Rich Trott) [#​56272](nodejs/node#56272) - \[[`72f79b44ed`](nodejs/node@72f79b44ed)] - **doc**: stabilize util.styleText (Rafael Gonzaga) [#​56265](nodejs/node#56265) - \[[`0d08756d0c`](nodejs/node@0d08756d0c)] - **doc**: clarify util.aborted resource usage (Kunal Kumar) [#​55780](nodejs/node#55780) - \[[`f94f21080b`](nodejs/node@f94f21080b)] - **doc**: add esm examples to node:repl (Alfredo González) [#​55432](nodejs/node#55432) - \[[`7a10ef88d9`](nodejs/node@7a10ef88d9)] - **doc**: add esm examples to node:readline (Alfredo González) [#​55335](nodejs/node#55335) - \[[`cc7a7c391b`](nodejs/node@cc7a7c391b)] - **doc**: fix 'which' to 'that' and add commas (Selveter Senitro) [#​56216](nodejs/node#56216) - \[[`c5b086250e`](nodejs/node@c5b086250e)] - **doc**: fix winget config path (Alex Yang) [#​56233](nodejs/node#56233) - \[[`71c38a24d4`](nodejs/node@71c38a24d4)] - **doc**: add esm examples to node:tls (Alfredo González) [#​56229](nodejs/node#56229) - \[[`394fffbbde`](nodejs/node@394fffbbde)] - **doc**: add esm examples to node:perf_hooks (Alfredo González) [#​55257](nodejs/node#55257) - \[[`7b2a6ee61e`](nodejs/node@7b2a6ee61e)] - **doc**: `sea.getRawAsset(key)` always returns an ArrayBuffer (沈鸿飞) [#​56206](nodejs/node#56206) - \[[`8092dcf27e`](nodejs/node@8092dcf27e)] - **doc**: update announce documentation for releases (Rafael Gonzaga) [#​56200](nodejs/node#56200) - \[[`2974667815`](nodejs/node@2974667815)] - **doc**: update blog link to /vulnerability (Rafael Gonzaga) [#​56198](nodejs/node#56198) - \[[`f3b3ff85e0`](nodejs/node@f3b3ff85e0)] - **doc**: call out import.meta is only supported in ES modules (Anton Kastritskii) [#​56186](nodejs/node#56186) - \[[`a9e67280e7`](nodejs/node@a9e67280e7)] - **doc**: add ambassador message - benefits of Node.js (Michael Dawson) [#​56085](nodejs/node#56085) - \[[`e4922ab15f`](nodejs/node@e4922ab15f)] - **doc**: fix incorrect link to style guide (Yuan-Ming Hsu) [#​56181](nodejs/node#56181) - \[[`114a3e5a05`](nodejs/node@114a3e5a05)] - **doc**: fix c++ addon hello world sample (Edigleysson Silva (Edy)) [#​56172](nodejs/node#56172) - \[[`f1c2d2f65e`](nodejs/node@f1c2d2f65e)] - **doc**: update blog release-post link (Ruy Adorno) [#​56123](nodejs/node#56123) - \[[`d48b5224c0`](nodejs/node@d48b5224c0)] - **doc**: fix module.md headings (Chengzhong Wu) [#​56131](nodejs/node#56131) - \[[`4cc0493a0b`](nodejs/node@4cc0493a0b)] - **fs**: make mutating `options` in Callback `readdir()` not affect results (LiviaMedeiros) [#​56057](nodejs/node#56057) - \[[`8d485f1c09`](nodejs/node@8d485f1c09)] - **fs**: make mutating `options` in Promises `readdir()` not affect results (LiviaMedeiros) [#​56057](nodejs/node#56057) - \[[`595851b5ed`](nodejs/node@595851b5ed)] - **fs,win**: fix readdir for named pipe (Hüseyin Açacak) [#​56110](nodejs/node#56110) - \[[`075b36b7b4`](nodejs/node@075b36b7b4)] - **http**: add setDefaultHeaders option to http.request (Tim Perry) [#​56112](nodejs/node#56112) - \[[`febd969c46`](nodejs/node@febd969c46)] - **http2**: remove duplicate codeblock (Vitaly Aminev) [#​55915](nodejs/node#55915) - \[[`b0ebd23e52`](nodejs/node@b0ebd23e52)] - **http2**: support ALPNCallback option (ZYSzys) [#​56187](nodejs/node#56187) - \[[`f10239fde7`](nodejs/node@f10239fde7)] - **lib**: remove redundant global regexps (Gürgün Dayıoğlu) [#​56182](nodejs/node#56182) - \[[`fd55d3cbdd`](nodejs/node@fd55d3cbdd)] - **lib**: clean up persisted signals when they are settled (Edigleysson Silva (Edy)) [#​56001](nodejs/node#56001) - \[[`889094fdbc`](nodejs/node@889094fdbc)] - **lib**: handle Float16Array in node:v8 serdes (Bartek Iwańczuk) [#​55996](nodejs/node#55996) - \[[`5aec513207`](nodejs/node@5aec513207)] - **lib**: disable default memory leak warning for AbortSignal (Lenz Weber-Tronic) [#​55816](nodejs/node#55816) - \[[`b5a2c0777d`](nodejs/node@b5a2c0777d)] - **(SEMVER-MINOR)** **module**: add prefix-only modules to `module.builtinModules` (Jordan Harband) [#​56185](nodejs/node#56185) - \[[`9863d27566`](nodejs/node@9863d27566)] - **(SEMVER-MINOR)** **module**: only emit require(esm) warning under --trace-require-module (Joyee Cheung) [#​56194](nodejs/node#56194) - \[[`5665e86da6`](nodejs/node@5665e86da6)] - **module**: prevent main thread exiting before esm worker ends (Shima Ryuhei) [#​56183](nodejs/node#56183) - \[[`8e780bc5ae`](nodejs/node@8e780bc5ae)] - **(SEMVER-MINOR)** **module**: use synchronous hooks for preparsing in import(cjs) (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`e5bb6c2303`](nodejs/node@e5bb6c2303)] - **(SEMVER-MINOR)** **module**: implement module.registerHooks() (Joyee Cheung) [#​55698](nodejs/node#55698) - \[[`f883bedceb`](nodejs/node@f883bedceb)] - **node-api**: allow napi_delete_reference in finalizers (Chengzhong Wu) [#​55620](nodejs/node#55620) - \[[`65bc8e847f`](nodejs/node@65bc8e847f)] - **(SEMVER-MINOR)** **report**: fix typos in report keys and bump the version (Yuan-Ming Hsu) [#​56068](nodejs/node#56068) - \[[`a6f0cfa468`](nodejs/node@a6f0cfa468)] - **sea**: only assert snapshot main function for main threads (Joyee Cheung) [#​56120](nodejs/node#56120) - \[[`0ab36e1937`](nodejs/node@0ab36e1937)] - **(SEMVER-MINOR)** **sqlite**: aggregate constants in a single property (Edigleysson Silva (Edy)) [#​56213](nodejs/node#56213) - \[[`4745798225`](nodejs/node@4745798225)] - **sqlite**: add support for custom functions (Colin Ihrig) [#​55985](nodejs/node#55985) - \[[`53cc0cc744`](nodejs/node@53cc0cc744)] - **sqlite**: support `db.loadExtension` (Alex Yang) [#​53900](nodejs/node#53900) - \[[`3968599702`](nodejs/node@3968599702)] - **src**: fix outdated js2c.cc references (Chengzhong Wu) [#​56133](nodejs/node#56133) - \[[`efcc5d90c5`](nodejs/node@efcc5d90c5)] - **(SEMVER-MINOR)** **src,lib**: stabilize permission model (Rafael Gonzaga) [#​56201](nodejs/node#56201) - \[[`a4a83613cb`](nodejs/node@a4a83613cb)] - **stream**: commit pull-into descriptors after filling from queue (Mattias Buelens) [#​56072](nodejs/node#56072) - \[[`3298ef4891`](nodejs/node@3298ef4891)] - **test**: remove test-sqlite-statement-sync flaky designation (Luigi Pinca) [#​56051](nodejs/node#56051) - \[[`1d8cc6179d`](nodejs/node@1d8cc6179d)] - **test**: use --permission over --experimental-permission (Rafael Gonzaga) [#​56239](nodejs/node#56239) - \[[`5d252b7a67`](nodejs/node@5d252b7a67)] - **test**: remove exludes for sea tests on PPC (Michael Dawson) [#​56217](nodejs/node#56217) - \[[`8288f57724`](nodejs/node@8288f57724)] - **test**: fix test-abortsignal-drop-settled-signals flakiness (Edigleysson Silva (Edy)) [#​56197](nodejs/node#56197) - \[[`683cc15796`](nodejs/node@683cc15796)] - **test**: move localizationd data from `test-icu-env` to external file (Livia Medeiros) [#​55618](nodejs/node#55618) - \[[`a0c4a5f122`](nodejs/node@a0c4a5f122)] - **test**: update WPT for url to [`6fa3fe8`](nodejs/node@6fa3fe8a92) (Node.js GitHub Bot) [#​56136](nodejs/node#56136) - \[[`a0e3926285`](nodejs/node@a0e3926285)] - **test**: remove `hasOpenSSL3x` utils (Antoine du Hamel) [#​56164](nodejs/node#56164) - \[[`041a49094e`](nodejs/node@041a49094e)] - **test**: update streams wpt (Mattias Buelens) [#​56072](nodejs/node#56072) - \[[`ea9a675f56`](nodejs/node@ea9a675f56)] - **test_runner**: exclude test files from coverage by default (Pietro Marchini) [#​56060](nodejs/node#56060) - \[[`118cd9998f`](nodejs/node@118cd9998f)] - **tools**: fix `node:` enforcement for docs (Antoine du Hamel) [#​56284](nodejs/node#56284) - \[[`c4c56daae8`](nodejs/node@c4c56daae8)] - **tools**: update github_reporter to 1.7.2 (Node.js GitHub Bot) [#​56205](nodejs/node#56205) - \[[`78743b1533`](nodejs/node@78743b1533)] - **tools**: add REPLACEME check to workflow (Mert Can Altin) [#​56251](nodejs/node#56251) - \[[`002ee71d9b`](nodejs/node@002ee71d9b)] - **tools**: use `github.actor` instead of bot username for release proposals (Antoine du Hamel) [#​56232](nodejs/node#56232) - \[[`d25d16efeb`](nodejs/node@d25d16efeb)] - ***Revert*** "**tools**: disable automated libuv updates" (Luigi Pinca) [#​56223](nodejs/node#56223) - \[[`b395e0c8c9`](nodejs/node@b395e0c8c9)] - **tools**: update gyp-next to 0.19.1 (Anna Henningsen) [#​56111](nodejs/node#56111) - \[[`a5aaf31c50`](nodejs/node@a5aaf31c50)] - **tools**: fix release proposal linter to support more than 1 folk preparing (Antoine du Hamel) [#​56203](nodejs/node#56203) - \[[`fa667d609e`](nodejs/node@fa667d609e)] - **tools**: remove has_absl_stringify from gyp file (Michaël Zasso) [#​56157](nodejs/node#56157) - \[[`65b541e70e`](nodejs/node@65b541e70e)] - **tools**: enable linter for `tools/icu/**` (Livia Medeiros) [#​56176](nodejs/node#56176) - \[[`28a4b6ff58`](nodejs/node@28a4b6ff58)] - **tools**: use commit title as MR title when creating release proposal (Antoine du Hamel) [#​56165](nodejs/node#56165) - \[[`e20eef659f`](nodejs/node@e20eef659f)] - **tools**: update gyp-next to 0.19.0 (Node.js GitHub Bot) [#​56158](nodejs/node#56158) - \[[`efcc829085`](nodejs/node@efcc829085)] - **tools**: bump the eslint group in /tools/eslint with 4 updates (dependabot\[bot]) [#​56099](nodejs/node#56099) - \[[`5620b2be8a`](nodejs/node@5620b2be8a)] - **tools**: improve release proposal MR opening (Antoine du Hamel) [#​56161](nodejs/node#56161) - \[[`3e17a8e78e`](nodejs/node@3e17a8e78e)] - **util**: harden more built-in classes against prototype pollution (Antoine du Hamel) [#​56225](nodejs/node#56225) - \[[`13815417c7`](nodejs/node@13815417c7)] - **util**: fix Latin1 decoding to return string output (Mert Can Altin) [#​56222](nodejs/node#56222) - \[[`77397c5013`](nodejs/node@77397c5013)] - **util**: do not rely on mutable `Object` and `Function`' `constructor` prop (Antoine du Hamel) [#​56188](nodejs/node#56188) - \[[`84f98e0a74`](nodejs/node@84f98e0a74)] - **v8,tools**: expose experimental wasm revectorize feature (Yolanda-Chen) [#​54896](nodejs/node#54896) - \[[`8325fa5c04`](nodejs/node@8325fa5c04)] - **worker**: fix crash when a worker joins after exit (Stephen Belanger) [#​56191](nodejs/node#56191) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS43Ny4wIiwidXBkYXRlZEluVmVyIjoiMzkuNzcuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiUmVub3ZhdGUgQm90Il19-->
This PR upgrades the Permission Model from 1.1 (Active Development) to 2.0 (Stable).
I’ve been diving deep into the Permission Model since its release in Node.js 20.0.0, looking at its limitations and what’s been fixed so far. Most of the technical challenges have been addressed, except for how symlinks are handled. After a lot of research, it turns out this isn’t fixable due to how the Permission Model relies on file paths, making TOCTOU issues theoretically possible. This isn’t unique to Node.js though—even Deno’s permission system has similar behaviour (see this article).
Since the feature’s release, there’s been a shift in how we think about security in Node.js. We’ve leaned into a "Defense in Depth" approach—recognizing that no single feature will let you run untrusted code safely. Instead, these features are like seatbelts: they reduce risk significantly (let’s say 90% of cases, though that’s not a hard number) but won’t stop everything. This aligns with our threat model, and the Permission Model reflects that philosophy.
The only remaining "limitation" is symlink behaviour. Fixing this would require changing how the Permission Model works at a fundamental level. It’s not feasible because TOCTOU issues are always a possibility when operating on file paths. Importantly, this isn’t just a Node.js thing—other runtimes face the same challenge.
That said, symlinks aren’t a dealbreaker:
/proc/
, you’re responsible for understanding what that includes. The docs already cover this.I have been talking with @tniessen in private as he has been indirectly involved in this feature (by raising concerns or suggestions). Some questions that he raised, and that I expect some of you might raise here too, were:
As with any non-popular feature, it's hard to assess its usage in the ecosystem, but we have received some issues in the security-wg repository that could mean people are evaluating its usage:
I was also approached by many people on social media saying "thanks" for the feature and that they are looking forward to having it established. I also understand that testing a feature is different from using this feature in production.
The Permission Model is most useful in development environments or scenarios where you want extra guardrails, but it doesn’t replace the core rule: don’t run untrusted code in Node.js.
If you configure it correctly, it’ll block most unwanted filesystem access, but it’s not a magic bullet. It’s a tool that works well when used as intended, and it complements Node.js’ broader security posture.
cc: @nodejs/security-wg