启用
--experimental-policy
标志可用于在加载模块时启用策略特性。
一旦设置好,则所有模块都必须符合传给标志的策略清单文件:
node --experimental-policy=policy.json app.js
策略清单将用于对 Node.js 加载的代码实施约束。
为了减少对磁盘上策略文件的篡改,可以通过 --policy-integrity
提供策略文件本身的完整性。
这允许运行 node
并断言策略文件内容,即使文件在磁盘上被更改。
node --experimental-policy=policy.json --policy-integrity="sha384-SggXRQHwCG8g+DktYYzxkXRIkTiEYWBHqev0xnpCxYlqMBufKZHAHQM3/boDaI/0" app.js
The --experimental-policy
flag can be used to enable features for policies
when loading modules.
Once this has been set, all modules must conform to a policy manifest file passed to the flag:
node --experimental-policy=policy.json app.js
The policy manifest will be used to enforce constraints on code loaded by Node.js.
To mitigate tampering with policy files on disk, an integrity for
the policy file itself may be provided via --policy-integrity
.
This allows running node
and asserting the policy file contents
even if the file is changed on disk.
node --experimental-policy=policy.json --policy-integrity="sha384-SggXRQHwCG8g+DktYYzxkXRIkTiEYWBHqev0xnpCxYlqMBufKZHAHQM3/boDaI/0" app.js