Security
WASI provides a capabilities-based model through which applications are provided their own custom env, preopens, stdin, stdout, stderr, and exit capabilities.
The current Node.js threat model does not provide secure sandboxing as is present in some WASI runtimes.
While the capability features are supported, they do not form a security model in Node.js. For example, the file system sandboxing can be escaped with various techniques. The project is exploring whether these security guarantees could be added in the future.
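As an added example (not from the Node.js documentation or project code), the sketch below builds node:wasi options that grant a guest only an allow-listed environment and one dedicated preopened directory. The helper names and sample values are assumptions made up for illustration; consistent with the note above, this narrows what is granted but does not turn the capabilities into a security boundary.

```javascript
// Added example (not Node.js project code): buildWasiOptions, createWasi and
// demo are hypothetical helper names; all sample values are constructed.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Grant the guest only an allow-listed env and one dedicated preopened directory.
function buildWasiOptions({ hostEnv, envAllow, guestDir, hostDir, allowedRoot }) {
  const env = {};
  for (const name of envAllow) {
    // Copy named variables only; never pass the whole process.env to the guest.
    if (Object.prototype.hasOwnProperty.call(hostEnv, name)) env[name] = hostEnv[name];
  }
  // Resolve both paths so the containment check applies to the real directories.
  const realRoot = fs.realpathSync(allowedRoot);
  const realHost = fs.realpathSync(hostDir);
  const rel = path.relative(realRoot, realHost);
  const outside = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
  if (rel === '' || outside) {
    throw new Error(`preopen ${realHost} must be a subdirectory of ${realRoot}`);
  }
  return {
    version: 'preview1',
    args: [],
    env,
    preopens: { [guestDir]: realHost },
    returnOnExit: true, // guest exit returns to the host instead of ending the process
  };
}

// Loaded lazily: some older Node.js releases only expose node:wasi behind a CLI flag.
function createWasi(options) {
  const { WASI } = require('node:wasi');
  return new WASI(options);
}

// Constructed inputs: a throwaway directory tree and a fake secret in the host env.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'wasi-root-'));
  const work = path.join(root, 'guest-data');
  fs.mkdirSync(work);
  const base = { hostEnv: { LANG: 'C', API_TOKEN: 'constructed-secret' }, envAllow: ['LANG'],
                 guestDir: '/data', allowedRoot: root };
  const options = buildWasiOptions({ ...base, hostDir: work });
  let rejected = false;
  try { buildWasiOptions({ ...base, hostDir: os.tmpdir() }); } catch { rejected = true; }
  return { options, rejected, work };
}
```

Pass the returned object to createWasi(options) to obtain the WASI instance for a module; the guest then sees only LANG and the /data mapping.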