We might want to protect loading of certain NodeJS functionality, unless a command-line argument says otherwise. This could be similar to LaTeX's -shell-escape and openin_any/openout_any (see e.g. this).
When we're rewriting modules via Babel, we might override require to prevent using node:fs or fs. (I'm sure there are lists of other dangerous modules too.) Or rewrite that module to exclude writing files, or to check whether written files are in the same directory or outside.
We don't want to limit custom code, and I've definitely used fs to read (but not write) .svg files in the past (but this is now much easier via require). But we can limit the damage that the code might do (hopefully accidentally).
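One way to implement the `require` override and the same-directory write check proposed above, as an added example that is not part of the original post or the project's own code. The function names, the `--unsafe` flag and both lists are hypothetical, and the lists are illustrative rather than complete.

```javascript
// Added example: policy wrapper around require(). All names are hypothetical.
const path = require('node:path');

// Illustrative lists only, not complete inventories of risky modules or calls.
const BLOCKED = new Set(['child_process', 'worker_threads']);
const FS_WRITERS = new Set(['writeFile', 'writeFileSync', 'appendFile',
  'appendFileSync', 'unlink', 'unlinkSync', 'rm', 'rmSync', 'mkdir', 'mkdirSync']);

// True when target (resolved against the cwd, as fs does) is baseDir or below it.
function isInside(baseDir, target) {
  const rel = path.relative(path.resolve(baseDir), path.resolve(target));
  return rel === '' ||
    (rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel));
}

// Wrap an fs-like module so the listed writers refuse paths outside baseDir.
function guardFs(realFs, baseDir) {
  return new Proxy(realFs, {
    get(target, prop) {
      const value = Reflect.get(target, prop);
      if (prop === 'promises' && value) return guardFs(value, baseDir);
      if (!FS_WRITERS.has(prop) || typeof value !== 'function') return value;
      return (file, ...rest) => {
        // Fail closed on file descriptors, Buffers and URLs: only string paths are checked.
        if (typeof file !== 'string' || !isInside(baseDir, file)) {
          throw new Error(`fs.${prop} blocked outside ${baseDir}: ${String(file)}`);
        }
        return value.call(target, file, ...rest);
      };
    },
  });
}

// allowUnsafe is the opt-out, comparable to LaTeX's -shell-escape.
function makeGuardedRequire(baseRequire, { baseDir = process.cwd(), allowUnsafe = false } = {}) {
  if (allowUnsafe) return baseRequire;
  return function guardedRequire(id) {
    const name = String(id).replace(/^node:/, '');
    if (BLOCKED.has(name)) throw new Error(`require('${id}') is blocked by policy`);
    const mod = baseRequire(id);
    return name === 'fs' || name === 'fs/promises' ? guardFs(mod, baseDir) : mod;
  };
}

// Hypothetical wiring: the --unsafe flag name is an assumption, not an existing option.
const guardedRequire = makeGuardedRequire(require, {
  allowUnsafe: process.argv.includes('--unsafe'),
});
```

The path check is lexical: it does not resolve symlinks, and only the functions listed in `FS_WRITERS` are guarded, so calls such as `createWriteStream` and `rename` pass through unchanged.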