doc: mention node:wasi in the Threat Model

PR-URL: https://github.com/nodejs/node/pull/51211 Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
2026-01-15 12:15:26 +00:00 · 2023-12-21 12:55:52 +00:00
parent ddb58bfd4e
commit a71210ba60
1 changed files with 2 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -124,6 +124,8 @@ lead to a loss of confidentiality, integrity, or availability.
   end being on the local machine or remote.
 6. The file system when requiring a module.
   See <https://nodejs.org/api/modules.html#all-together>.
+7. The `node:wasi` module does not currently provide the comprehensive file
+   system security properties provided by some WASI runtimes.

 Any unexpected behavior from the data manipulation from Node.js Internal
 functions may be considered a vulnerability if they are exploitable via