security-wg
Node.js Ecosystem Security Working Group
# Permission Model initial issue

Hello everybody! Following up on the [Security Model initiative](https://github.com/nodejs/node/blob/master/doc/contributing/technical-priorities.md#permissionspoliciessecurity-model) and the [Mini summit (Next-10)](https://github.com/nodejs/next-10/blob/main/meetings/summit-apr-2022.md#permissionspoliciessecurity-model) in April seems and consensus that Node.js aims to have a...
## Time

**UTC Thu 01-Sep-2022 14:00 (02:00 PM)**:

| Timezone | Date/Time |
|---------------|-----------------------|
| US / Pacific | Thu 01-Sep-2022 07:00 (07:00 AM) |
| US / Mountain |...
PRs like this are really hard to validate and should probably be done through automation. https://github.com/nodejs/node/pull/44283 @RafaelGSS, @facutuesca is that something you could add to your to-do list?
In the #799 issue, we are adding a statement that we trust on every opened file that's documented. To make this statement stronger, it might make sense to include a test...
Today I was made aware of https://sos.dev. Is this already on our radar and something that can help the Node.js project to get some support from the foundation or are...
This issue is just to keep tracking the work we've been doing in the Security WG. We've created a [Threat Model document](https://docs.google.com/document/d/10so8HJdNVYr9q66tyl6caK9s56c4ucNIUs_J1BzjZLo/edit?usp=sharing). The intention of this document is to list...
The README.md links to ./processes/security_team_membership_policy.md, but that link is dead. processes/wg_offboarding.md points to https://github.com/nodejs/security-wg/blob/master/processes/third_party_vuln_process.md, but that link is dead.
# Background

Currently the [Guides](https://nodejs.org/en/docs/guides/) section of the Node.js documentation does not have any documentation around security. I think it's fair to say that such guidance would be a useful...
We have some good discussion/work going on in the Threat Model document - https://docs.google.com/document/d/10so8HJdNVYr9q66tyl6caK9s56c4ucNIUs_J1BzjZLo/edit#. I think that will take some additional time/work to get it into its final form with...
Feature request. Most third-party modules we are using are pure-function things. If we can control that (when we require them, even install them), then maybe most security problems...