doc: add note that vm module is not a security mechanism

the text added in this commit should warn users about wrong idea that vm module can be secure to run unsafe scripts in sandboxes PR-URL: nodejs#11557 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
jungx098 · Mar 21, 2017 · 53aa834 · 53aa834
1 parent 5b0fd7e
commit 53aa834
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/doc/api/vm.md b/doc/api/vm.md
@@ -14,6 +14,9 @@ const vm = require('vm');
 JavaScript code can be compiled and run immediately or compiled, saved, and run
 later.
 
+*Note*: The vm module is not a security mechanism.
+**Do not use it to run untrusted code**.
+
 ## Class: vm.Script
 <!-- YAML
 added: v0.3.1