--allow-wasi
稳定性: 1.1 - 积极开发
¥Stability: 1.1 - Active development
使用 权限模型 时,默认情况下,进程将无法创建任何 WASI 实例。出于安全原因,除非用户在主 Node.js 进程中明确传递标志 --allow-wasi,否则调用将抛出 ERR_ACCESS_DENIED。
¥When using the Permission Model, the process will not be capable of creating
any WASI instances by default.
For security reasons, the call will throw an ERR_ACCESS_DENIED unless the
user explicitly passes the flag --allow-wasi in the main Node.js process.
示例:
¥Example:
const { WASI } = require('node:wasi');
// Attempt to bypass the permission
new WASI({
version: 'preview1',
// Attempt to mount the whole filesystem
preopens: {
'/': '/',
},
}); $ node --experimental-permission --allow-fs-read=* index.js
node:wasi:99
const wrap = new _WASI(args, env, preopens, stdio);
^
Error: Access to this API has been restricted
at new WASI (node:wasi:99:18)
at Object.<anonymous> (/home/index.js:3:1)
at Module._compile (node:internal/modules/cjs/loader:1476:14)
at Module._extensions..js (node:internal/modules/cjs/loader:1555:10)
at Module.load (node:internal/modules/cjs/loader:1288:32)
at Module._load (node:internal/modules/cjs/loader:1104:12)
at Function.executeUserEntryPoint [as runMain] (node:internal/modules/run_main:191:14)
at node:internal/main/run_main_module:30:49 {
code: 'ERR_ACCESS_DENIED',
permission: 'WASI',
}