From a5bf869ab95395322c4e167fb8dba071e99f3303 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Mon, 18 Dec 2023 21:49:58 -0300
Subject: [PATCH] doc: mention node:wasi in the Threat Model

---
 SECURITY.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index 85c185df6006cb..f5b17eb626987d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -124,6 +124,8 @@ lead to a loss of confidentiality, integrity, or availability.
    end being on the local machine or remote.
 6. The file system when requiring a module.
    See <https://nodejs.org/api/modules.html#all-together>.
+7. The `node:wasi` module does not currently provide the comprehensive file
+   system security properties provided by some WASI runtimes.
 
 Any unexpected behavior from the data manipulation from Node.js Internal
 functions may be considered a vulnerability if they are exploitable via