You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: doc/api/code_integrity.md
+8-3Lines changed: 8 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,6 +6,8 @@
6
6
7
7
> Stability: 1.1 - Active development
8
8
9
+
This feature is only available on Windows platforms.
10
+
9
11
Code integrity refers to the assurance that software code has not been
10
12
altered or tampered with in any unauthorized way. It ensures that
11
13
the code running on a system is exactly what was intended by the developers.
@@ -39,7 +41,8 @@ a file's integrity. Application developers are responsible for generating and
39
41
distributing the signature information for their Node.js application.
40
42
Application developers are also expected to design their application
41
43
in robust ways to avoid unintended code execution. This includes
42
-
use of `eval` and loading modules outside of standard methods.
44
+
avoiding the use of `eval` and avoiding loading modules outside
45
+
of standard methods.
43
46
44
47
Signature information for files which Node.js is intended to execute
45
48
can be stored in a catalog file. Application developers can generate
@@ -62,15 +65,15 @@ Be sure that the catalog is generated using the final version of the files that
62
65
The application developer should then sign the generated catalog with their Code Signing certificate
63
66
to ensure the catalog is not tampered with between distribution and execution.
64
67
65
-
This can be done with the [Set-AuthenticodeSignature commandlet](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-authenticodesignature).
68
+
This can be done with the [Set-AuthenticodeSignature commandlet][].
66
69
67
70
### Windows Code Integrity and System Administrators
68
71
69
72
This section is intended for system administrators who want to enable Node.js
70
73
code integrity features in their environments.
71
74
72
75
This section assumes familiarity with managing WDAC polcies.
73
-
Official documentation for WDAC can be found [here](https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/).
76
+
[Official documentation for WDAC][].
74
77
75
78
Code integrity enforcement on Windows has two toggleable settings:
76
79
`EnforceCodeIntegrity` and `DisableInteractiveMode`. These settings are configured
@@ -131,3 +134,5 @@ Code integrity on MacOS is not yet implemented. Currently, there is no
[Official documentation for WDAC]: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/windows-defender-application-control/
0 commit comments