The Node.js Permission Model

05-09-2023 01:14 PM

Node.js 20 is available. The latest version of the popular JavaScript runtime introduces a permissions model for restricting resource access during execution. It’s currently an experimental feature, requiring a special flag to enable.

Introduced April 18, Node.js 20 can be accessed from as the “Current” release, carrying the latest features of the platform. It is slated to enter LTS (long-term support) status October 24, which typically guarantees bug fixes for at least 30 months.

With the experimental Node.js permission model, developers can restrict access to specific resources including the file system, child processes, and worker threads. Developers can use permissions to prevent applications from accessing or modifying sensitive data or running potentially harmful code. The API for this capability exists behind the flag –experimental-permission.