policy 安全策略

稳定性: 1 - 实验

Node.js 包含了对创建加载代码的策略的实验性支持。

策略是一个安全特性,旨在保证 Node.js 能够加载哪些代码。 策略的使用假定策略文件的安全实践,例如确保 Node.js 应用程序不能使用文件权限覆盖策略文件。

最佳实践是确保正在运行的 Node.js 应用程序的策略清单是只读的,并且正在运行的 Node.js 应用程序不能以任何方式更改该文件。 一个典型的设置是将策略文件创建为与运行 Node.js 的用户 ID 不同的用户 ID,并向运行 Node.js 的用户 ID 授予读取权限。

Stability: 1 - Experimental

Node.js contains experimental support for creating policies on loading code.

Policies are a security feature intended to allow guarantees about what code Node.js is able to load. The use of policies assumes safe practices for the policy files such as ensuring that policy files cannot be overwritten by the Node.js application by using file permissions.

A best practice would be to ensure that the policy manifest is read-only for the running Node.js application and that the file cannot be changed by the running Node.js application in any way. A typical setup would be to create the policy file as a different user id than the one running Node.js and granting read permissions to the user id running Node.js.