From e4cca8cec00c2f280f7790649443268c0390c291 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Mon, 23 Dec 2024 11:40:47 +0100
Subject: [PATCH 1/2] doc: clarify that WASM is trusted

Signed-off-by: Matteo Collina <hello@matteocollina.com>
---
 SECURITY.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 19e876939f0f55..510ba585d56064 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -111,8 +111,8 @@ lead to a loss of confidentiality, integrity, or availability.
 1. The developers and infrastructure that runs it.
 2. The operating system that Node.js is running under and its configuration,
    along with anything under control of the operating system.
-3. The code it is asked to run, including JavaScript and native code, even if
-   said code is dynamically loaded, e.g., all dependencies installed from the
+3. The code it is asked to run, including JavaScript, WASM and native code, even
+   if said code is dynamically loaded, e.g., all dependencies installed from the
    npm registry.
    The code run inherits all the privileges of the execution user.
 4. Inputs provided to it by the code it is asked to run, as it is the
@@ -123,7 +123,7 @@ lead to a loss of confidentiality, integrity, or availability.
    end being on the local machine or remote.
 6. The file system when requiring a module.
    See <https://nodejs.org/api/modules.html#all-together>.
-7. The `node:wasi` module does not currently provide the comprehensive file
+8. The `node:wasi` module does not currently provide the comprehensive file
    system security properties provided by some WASI runtimes.
 
 Any unexpected behavior from the data manipulation from Node.js Internal

From 8ced8f4821f3a916ee5f7f51a73aa7efa307b0d0 Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Tue, 24 Dec 2024 11:33:24 +0100
Subject: [PATCH 2/2] fixup

Signed-off-by: Matteo Collina <hello@matteocollina.com>
---
 SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index 510ba585d56064..a551179c625a43 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -123,7 +123,7 @@ lead to a loss of confidentiality, integrity, or availability.
    end being on the local machine or remote.
 6. The file system when requiring a module.
    See <https://nodejs.org/api/modules.html#all-together>.
-8. The `node:wasi` module does not currently provide the comprehensive file
+7. The `node:wasi` module does not currently provide the comprehensive file
    system security properties provided by some WASI runtimes.
 
 Any unexpected behavior from the data manipulation from Node.js Internal