From c13a5c03732b2cc608179117c7c39fc902d03453 Mon Sep 17 00:00:00 2001
From: Rafael Gonzaga <rafael.nunu@hotmail.com>
Date: Thu, 21 Dec 2023 12:55:52 +0000
Subject: [PATCH] doc: mention node:wasi in the Threat Model

PR-URL: https://github.com/nodejs/node/pull/51211
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
---
 SECURITY.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 85c185df6006cb..f5b17eb626987d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -124,6 +124,8 @@ lead to a loss of confidentiality, integrity, or availability.
    end being on the local machine or remote.
 6. The file system when requiring a module.
    See <https://nodejs.org/api/modules.html#all-together>.
+7. The `node:wasi` module does not currently provide the comprehensive file
+   system security properties provided by some WASI runtimes.
 
 Any unexpected behavior from the data manipulation from Node.js Internal
 functions may be considered a vulnerability if they are exploitable via