Skip to content

Commit

Permalink
doc: add note that vm module is not a security mechanism
Browse files Browse the repository at this point in the history 
the text added in this commit should warn users about
wrong idea that vm module can be secure to run unsafe scripts
in sandboxes

PR-URL: #11557
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
  • Loading branch information
@krydos @MylesBorins
krydos authored and MylesBorins committed Apr 19, 2017
1 parent b8e3a5f commit c10a4a2
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions doc/api/vm.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ const vm = require('vm');
JavaScript code can be compiled and run immediately or compiled, saved, and run
later.

*Note*: The vm module is not a security mechanism.
**Do not use it to run untrusted code**.

## Class: vm.Script
<!-- YAML
added: v0.3.1
Expand Down

0 comments on commit c10a4a2

Please sign in to comment.