Skip to content

doc: clarify threat model for application-level API exposure #61184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nodejs-github-bot merged 2 commits into from
Dec 30, 2025
Merged

doc: clarify threat model for application-level API exposure #61184

nodejs-github-bot merged 2 commits into from
Dec 30, 2025
+26 −0

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Dec 27, 2025

Add examples of non-vulnerabilities when applications expose Node.js APIs to untrusted users without proper security boundaries.

@RafaelGSS
doc: clarify threat model for application-level API exposure
aee4275 
Add examples of non-vulnerabilities when applications expose Node.js
APIs to untrusted users without proper security boundaries.
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Dec 27, 2025

Review requested:

  • @nodejs/tsc

@nodejs-github-bot nodejs-github-bot added the doc Issues and PRs related to the documentations. label Dec 27, 2025
@RafaelGSS RafaelGSS added the security Issues and PRs related to security. label Dec 27, 2025
mcollina
mcollina approved these changes Dec 28, 2025
View reviewed changes
Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@RafaelGSS RafaelGSS added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Dec 28, 2025
@mcollina mcollina added the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 29, 2025
@nodejs-github-bot nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Dec 30, 2025
@nodejs-github-bot nodejs-github-bot merged commit 4031355 into nodejs:main Dec 30, 2025
23 checks passed
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Dec 30, 2025

Landed in 4031355

aduh95 pushed a commit that referenced this pull request Jan 9, 2026
@RafaelGSS @aduh95
doc: clarify threat model for application-level API exposure
dce0ce3 
Add examples of non-vulnerabilities when applications expose Node.js
APIs to untrusted users without proper security boundaries.

PR-URL: #61184
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
aduh95 pushed a commit that referenced this pull request Jan 12, 2026
@RafaelGSS @aduh95
doc: clarify threat model for application-level API exposure
f5b6051 
Add examples of non-vulnerabilities when applications expose Node.js
APIs to untrusted users without proper security boundaries.

PR-URL: #61184
Reviewed-By: Aviv Keller <me@aviv.sh>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcollina mcollina mcollina approved these changes

@lpinca lpinca lpinca approved these changes

@cjihrig cjihrig cjihrig approved these changes

@gireeshpunathil gireeshpunathil gireeshpunathil approved these changes

@legendecas legendecas legendecas approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

@avivkeller avivkeller avivkeller approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. doc Issues and PRs related to the documentations. security Issues and PRs related to security.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@RafaelGSS @nodejs-github-bot @mcollina @lpinca @cjihrig @gireeshpunathil @legendecas @marco-ippolito @avivkeller