Question: Why do we have a --experimental-policy? #1283
Comments
What I understood about it is that you trust the code at some point and you make a policy to ensure that in the future you are not running a different (modified, untrusted) version of that initial code.
Note that this feature was developed before our threat model. AFAIK it's not a security mitigation for all supply-chain-attack vectors, but a seatbelt. It does work well except for its many edge cases.
IMO if there are any edge cases, then it doesn't really work well, so I agree with nodejs/node#52575's proposal to remove it.
Closing in favour of nodejs/node#52575
In the NodeJS threat model, it asserts that certain code, including dynamically loaded dependencies, is inherently trusted. However, despite this trust, there exists a permissions policy. Why is such a policy necessary if the code is already deemed trustworthy according to the threat model?
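
The "trust at one point, then detect later modification" idea from the first comment, as an added example that is not part of the thread or of Node.js itself. The `resources`/`integrity` manifest shape mirrors the policy manifest format; `sri`, `buildManifest`, `verify`, `demo` and the sample files are hypothetical, and the sketch does not reproduce Node's loader behaviour.

```javascript
// Added illustration: pin SRI-style hashes of trusted files, then re-check them.
// Manifest shape ({ resources: { path: { integrity } } }) mirrors a policy
// manifest; all function names and the sample files are hypothetical.
const crypto = require('node:crypto');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// SRI string for a buffer: "<algo>-<base64 digest>"
function sri(buf, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(buf).digest('base64')}`;
}

// Record the integrity of every file at the moment it is trusted.
function buildManifest(root, files) {
  const resources = {};
  for (const f of files) {
    resources[`./${f}`] = { integrity: sri(fs.readFileSync(path.join(root, f))) };
  }
  return { resources };
}

// List problems: files never pinned, missing, or changed since pinning.
function verify(root, manifest, files) {
  const problems = [];
  for (const f of files) {
    const entry = manifest.resources[`./${f}`];
    if (!entry) { problems.push(`${f}: not in manifest`); continue; }
    const full = path.join(root, f);
    if (!fs.existsSync(full)) { problems.push(`${f}: missing`); continue; }
    const algo = entry.integrity.split('-', 1)[0];
    if (sri(fs.readFileSync(full), algo) !== entry.integrity) {
      problems.push(`${f}: integrity mismatch`);
    }
  }
  return problems;
}

// Constructed demo: two files pinned in a temp dir, then one is modified
// and an unpinned file appears.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'policy-demo-'));
  fs.writeFileSync(path.join(root, 'app.js'), 'module.exports = 1;\n');
  fs.writeFileSync(path.join(root, 'dep.js'), 'module.exports = 2;\n');
  const manifest = buildManifest(root, ['app.js', 'dep.js']);
  const before = verify(root, manifest, ['app.js', 'dep.js']);
  fs.writeFileSync(path.join(root, 'dep.js'), 'module.exports = 3;\n');
  fs.writeFileSync(path.join(root, 'new.js'), '');
  const after = verify(root, manifest, ['app.js', 'dep.js', 'new.js']);
  fs.rmSync(root, { recursive: true, force: true });
  return { before, after };
}
```

The check only covers files it is asked about and only at the time it runs, which is why the thread describes the feature as a seatbelt and not a complete supply-chain mitigation.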