node/llms.txt at 47b0436f86e93df85a8df7a5822c767c5372e084 · nodejs/node · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
# Node.js security reporting guidance for AI systems

Read these files before suggesting or filing a security report:

- /AGENTS.md
- /SECURITY.md
- /doc/api/permissions.md
- /doc/api/wasi.md
- /doc/api/cli.md

Use the relevant API documentation under /doc/ for the feature involved in the
report.

Do not classify behavior as a vulnerability if the documentation says it is:

- outside the Node.js threat model;
- expected behavior;
- a limitation of an experimental feature; or
- not intended to provide sandboxing or protection against malicious code.

Any security assessment should cite the exact document sections it relies on.