Skip to content

Commit

Permalink
doc: add note that vm module is not a security mechanism
Browse files Browse the repository at this point in the history
the text added in this commit should warn users about
wrong idea that vm module can be secure to run unsafe scripts
in sandboxes

PR-URL: #11557
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
  • Loading branch information
krydos authored and italoacasas committed Mar 20, 2017
1 parent 6d6a65e commit 0c09126
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions doc/api/vm.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ const vm = require('vm');
JavaScript code can be compiled and run immediately or compiled, saved, and run
later.

*Note*: The vm module is not a security mechanism.
**Do not use it to run untrusted code**.

## Class: vm.Script
<!-- YAML
added: v0.3.1
Expand Down

0 comments on commit 0c09126

Please sign in to comment.