Skip to content

Commit

Permalink
doc: add note that vm module is not a security mechanism
Browse files Browse the repository at this point in the history
the text added in this commit should warn users about
wrong idea that vm module can be secure to run unsafe scripts
in sandboxes

PR-URL: nodejs/node#11557
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  • Loading branch information
krydos authored and andrew749 committed Jul 19, 2017
1 parent 11c20b2 commit 9e1fc5e
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions doc/api/vm.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ const vm = require('vm');
JavaScript code can be compiled and run immediately or compiled, saved, and run
later.

*Note*: The vm module is not a security mechanism.
**Do not use it to run untrusted code**.

## Class: vm.Script
<!-- YAML
added: v0.3.1
Expand Down

0 comments on commit 9e1fc5e

Please sign in to comment.