Skip to content

permission: add --allow-env flag for environment variable access control#62827

Open
nabeel378 wants to merge 5 commits intonodejs:mainfrom
nabeel378:feat/permission-allow-env-flag
Open

permission: add --allow-env flag for environment variable access control#62827
nabeel378 wants to merge 5 commits intonodejs:mainfrom
nabeel378:feat/permission-allow-env-flag

Conversation

@nabeel378
Copy link
Copy Markdown
Contributor

@nabeel378 nabeel378 commented Apr 19, 2026

Adds --allow-env permission flag to control access to environment
variables when the permission model is enabled (--permission).

Supported usage:

  • --allow-env — grants access to all environment variables
  • --allow-env=HOME,PATH — grants access only to specified variables

When --permission is enabled without --allow-env, all calls to
process.env will throw ERR_ACCESS_DENIED.

Fixes: #62424

@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented Apr 19, 2026

Review requested:

  • @nodejs/config
  • @nodejs/gyp
  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Apr 19, 2026
@nabeel378 nabeel378 marked this pull request as draft April 19, 2026 10:23
@nabeel378 nabeel378 force-pushed the feat/permission-allow-env-flag branch from 9c74582 to f3544f8 Compare April 19, 2026 11:26
@nabeel378
permission,doc: fix --allow-env docs and expand test coverage
c54086a 
Signed-off-by: nabeel378 <mohammadnabeeljameel@gmail.com>
@nabeel378 nabeel378 marked this pull request as ready for review April 19, 2026 12:59
@nabeel378
permission: refactor permission checks and improve test assertions fo…
b6a89cf 
…r environment variables

Signed-off-by: nabeel378 <mohammadnabeeljameel@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add --allow-env flag to Permission Model for restricting environment variable access

2 participants

@nabeel378 @nodejs-github-bot