From e18e36aba3fc584d65e39d380c45193c12873d22 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Tue, 2 Jul 2024 18:51:33 +0200 Subject: [PATCH] document areas of the codebase with prototype pollution --- doc/contributing/primordials.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/contributing/primordials.md b/doc/contributing/primordials.md index 4ca383c41cbd25..ef3f84588014b3 100644 --- a/doc/contributing/primordials.md +++ b/doc/contributing/primordials.md @@ -4,8 +4,13 @@ The file `lib/internal/per_context/primordials.js` subclasses and stores the JS built-ins that come from the VM so that Node.js built-in modules do not need to later look these up from the global proxy, which can be mutated by users. -Usage of primordials should be preferred for any new code, but replacing current -code with primordials should be +For some area of the codebase, performance and code readability are deemed more +important than reliability against prototype pollution: + +* `node:http` + +Usage of primordials should be preferred for new code in other areas, but +replacing current code with primordials should be [done with care](#primordials-with-known-performance-issues). It is highly recommended to ping the relevant team when reviewing a pull request that touches one of the subsystems they "own".