Commit 22a103e

RafaelGSS authored and targos committed Oct 2, 2024
doc: add alert on REPL from TCP socket

PR-URL: #54594
Refs: https://hackerone.com/reports/2684357
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>

1 parent 3aaae68 commit 22a103e

1 file changed

+8
-0
lines changed


‎doc/api/repl.md

@@ -774,6 +774,14 @@ a `net.Server` and `net.Socket` instance, see:
774774
For an example of running a REPL instance over [`curl(1)`][], see:
775775
<https://gist.github.com/TooTallNate/2053342>.
776776

777+
This example is intended purely for educational purposes to demonstrate how
778+
Node.js REPLs can be started using different I/O streams.
779+
It should **not** be used in production environments or any context where security
780+
is a concern without additional protective measures.
781+
If you need to implement REPLs in a real-world application, consider alternative
782+
approaches that mitigate these risks, such as using secure input mechanisms and
783+
avoiding open network interfaces.
784+
777785
[TTY keybindings]: readline.md#tty-keybindings
778786
[ZSH]: https://en.wikipedia.org/wiki/Z_shell
779787
[`'uncaughtException'`]: process.md#event-uncaughtexception
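
Review bot: The added paragraph (new lines 778-784) opens with "This example" but follows two references, the `net.Server`/`net.Socket` one named in the hunk header and the `curl(1)` gist, so it is unclear which of them the warning covers; given the commit title, name the network-exposed REPL explicitly, for instance "The examples above that expose a REPL over a network socket are intended purely for educational purposes". The paragraph also refers to "these risks" without ever stating one: a REPL evaluates whatever it receives, so anyone who can reach the socket can run code inside the process, and saying that would make "additional protective measures" and "secure input mechanisms" concrete enough to act on. Minor style point: the line beginning "It should **not** be used" runs to 82 characters, longer than the lines around it, and should be rewrapped.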
