generate-node-policy-file v1.1.0
generate-node-policy-file
Generate a Node.js policy file for your code.
Policies are a security feature intended to allow guarantees about what code Node.js is able to load. The use of policies assumes safe practices for the policy files such as ensuring that policy files cannot be overwritten by the Node.js application by using file permissions.
Note: In Node.js 12
and 13
, the policy feature is marked as experimental:
This feature is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the feature is not recommended in production environments. Experimental features are not subject to the Node.js Semantic Versioning model.
Installation
npm install generate-node-policy-file
Usage
Generate a list of required files by your app:
env REQUIRED_FILES=required-files.json node -r generate-node-policy-file/track my-app.js
Generate a Node.js policy file from the list:
generate-node-policy-file <required-files.json >policy.json
Make it read-only for the user the app will be running with:
sudo chown root:admin policy.json
sudo chmod 755 policy.json
Let Node.js use it:
node --experimental-policy=policy.json my-app.js
Options
option | description | default |
---|---|---|
--base-dir , -d | Directory the file paths are relative to. | $CWD |
--on-error | Error behavior. | exit |
--pretty , -p | Pretty-print the generated JSON. | – |
Contributing
If you have a question or need support using generate-node-policy-file
, please double-check your code and setup first. If you think you have found a bug or want to propose a feature, refer to the issues page.