Skip to content

doc: clarify threat model for application-level API exposure #61184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
RafaelGSS wants to merge 2 commits into
base: main
Choose a base branch
from
Open

doc: clarify threat model for application-level API exposure #61184

RafaelGSS wants to merge 2 commits into from
+26 −0

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Dec 27, 2025

Add examples of non-vulnerabilities when applications expose Node.js APIs to untrusted users without proper security boundaries.

@RafaelGSS
doc: clarify threat model for application-level API exposure
aee4275 
Add examples of non-vulnerabilities when applications expose Node.js
APIs to untrusted users without proper security boundaries.
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Dec 27, 2025

Review requested:

  • @nodejs/tsc

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Dec 27, 2025
@RafaelGSS RafaelGSS added the security Issues and PRs related to security. label Dec 27, 2025
mcollina
mcollina approved these changes Dec 28, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@RafaelGSS RafaelGSS added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Dec 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollina mcollina mcollina approved these changes

@lpinca lpinca lpinca approved these changes

@cjihrig cjihrig cjihrig approved these changes

@gireeshpunathil gireeshpunathil gireeshpunathil approved these changes

@legendecas legendecas legendecas approved these changes

@avivkeller avivkeller avivkeller approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. doc Issues and PRs related to the documentations. security Issues and PRs related to security.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@RafaelGSS @nodejs-github-bot @mcollina @lpinca @cjihrig @gireeshpunathil @legendecas @avivkeller