Closed
Description
This issue is just to keep tracking the work we've been doing in the Security WG. We've created a Threat Model document.
The intention of this document is to list all the current threats and their mitigation for each environment using Node.js. It may change over releases.
This document was created aiming to provide context on what will/will not be considered a vulnerability in Node.js, targeting Security Researchers.
Normally, the discussion around this document happens in the OpenJS Foundation slack (#nodejs-discussion-security-model). Feel free to contribute.