3 Commits
Author SHA1 Message Date
Jordan Harband 882ed79ece [Docs] threat model: document the mirror payload/metadata trust boundary
Payloads
(binaries, plus source tarballs that nvm compiles and runs at install time) are trusted by construction,
since nvm exists to build and run them;
parsed metadata (index.tab, SHASUMS, LTS codenames) is not,
and must never reach a command evaluator,
an awk/sed program body,
or an unvalidated filesystem path.
This records why the existing version-string and checksum hardening exists,
and scopes a malicious payload from a configured mirror as out of scope:
no privilege boundary is crossed.
2026-07-15 13:44:04 -07:00
Jordan HarbandandGitHub 6c9cd2f2d1 [security] fix typo in threat model 2023-12-15 09:46:35 -08:00
Jordan Harband 99646ee600 [security] add threat model 2023-11-15 10:10:29 -08:00