安全

\Security

WASI 提供基于功能的模型,通过该模型为应用提供自己的自定义 env、preopens、stdin、stdout、stderr 和 exit 功能。

\WASI provides a capabilities-based model through which applications are provided their own custom env, preopens, stdin, stdout, stderr, and exit capabilities.

当前的 Node.js 威胁模型不提供某些 WASI 运行时中存在的安全沙箱。

\The current Node.js threat model does not provide secure sandboxing as is present in some WASI runtimes.

虽然支持功能特性,但它们并不在 Node.js 中形成安全模型。例如,可以使用各种技术来躲避文件系统沙箱。该项目正在探索未来是否可以增加这些安全保障。

\While the capability features are supported, they do not form a security model in Node.js. For example, the file system sandboxing can be escaped with various techniques. The project is exploring whether these security guarantees could be added in future.