Skip to content

doc: add alert on REPL from TCP socket#54594

Merged
nodejs-github-bot merged 1 commit intonodejs:mainfrom
RafaelGSS:remove-net-to-nodesocket-example
Aug 30, 2024
Merged

doc: add alert on REPL from TCP socket#54594
nodejs-github-bot merged 1 commit intonodejs:mainfrom
RafaelGSS:remove-net-to-nodesocket-example

Conversation

@RafaelGSS
Copy link
Member

@RafaelGSS RafaelGSS commented Aug 27, 2024

Initially, I was considering removing this example:

net.createServer((socket) => {
  connections += 1;
  repl.start({
    prompt: 'Node.js via TCP socket> ',
    input: socket,
    output: socket,
  }).on('exit', () => {
    socket.end();
  });
}).listen(5001);

But it does expose some of the possibilities of Node.js REPL. So, instead of removing it from our examples, I've included an alert for its usage in production.

cc: @mcollina

Refs: https://hackerone.com/reports/2684357

Loading
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@avivkeller avivkeller avivkeller left review comments

@mcollina mcollina mcollina approved these changes

@marco-ippolito marco-ippolito marco-ippolito approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. doc Issues and PRs related to the documentations. repl Issues and PRs related to the REPL subsystem. security Issues and PRs related to security.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@RafaelGSS @avivkeller @lirantal @mcollina @nodejs-github-bot @marco-ippolito