Policies
Node.js contains experimental support for creating policies on loading code.
Policies are a security feature intended to allow guarantees about what code Node.js is able to load. Using policies assumes safe practices for the policy files, such as using file permissions to ensure that the Node.js application cannot overwrite them.
A best practice is to ensure that the policy manifest is read-only for the running Node.js application and that the running application cannot change the file in any way. A typical setup is to create the policy file as a different user id than the one running Node.js and to grant read permissions to the user id running Node.js.
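One way to check that setup before start-up, as an added example that is not part of the Node.js documentation: it reports every way the user id running Node.js could still change the manifest, including owning it or being able to replace it through a writable parent directory. The function names, finding labels, and sample uid/gid/mode values are constructed for illustration, and POSIX permissions are assumed.

```javascript
// Added example, not Node.js project code. Inputs are stat-like objects
// { uid, gid, mode }; proc is { uid, gids } for the user id running Node.js.

// POSIX picks exactly one permission class: owner, else group, else other.
function hasBit(st, proc, bit) {
  let shift = 0;                                   // "other" class
  if (st.uid === proc.uid) shift = 6;              // owner class
  else if (proc.gids.includes(st.gid)) shift = 3;  // group class
  return ((st.mode >> shift) & bit) !== 0;
}

// Returns a list of findings; an empty list means the manifest is readable
// by the application user but cannot be modified or replaced by it.
function auditPolicyManifest(file, dir, proc) {
  const findings = [];
  if (proc.uid === 0) findings.push('runs-as-root'); // root ignores mode bits
  // The owner can always chmod the file back to writable.
  if (file.uid === proc.uid) findings.push('manifest-owned-by-app-user');
  if (hasBit(file, proc, 2)) findings.push('manifest-writable');
  if (!hasBit(file, proc, 4)) findings.push('manifest-not-readable');
  // A writable directory allows unlink/rename of the manifest, unless the
  // sticky bit is set and the app user owns neither the directory nor the file.
  const sticky = (dir.mode & 0o1000) !== 0;
  const stickyProtects = sticky && dir.uid !== proc.uid && file.uid !== proc.uid;
  if (hasBit(dir, proc, 2) && !stickyProtects) findings.push('directory-writable');
  return findings;
}

// Convenience wrapper for a real path (POSIX only: uses process.getuid()).
async function auditPolicyPath(manifestPath) {
  const fs = await import('node:fs');
  const path = await import('node:path');
  const proc = { uid: process.getuid(), gids: process.getgroups() };
  return auditPolicyManifest(fs.statSync(manifestPath),
    fs.statSync(path.dirname(manifestPath)), proc);
}

// Constructed sample values: app user 1001, manifest directory owned by root.
const app = { uid: 1001, gids: [1001] };
const rootDir = { uid: 0, gid: 0, mode: 0o40755 };
const separateOwner = { uid: 0, gid: 1001, mode: 0o100640 }; // root-owned, group read
const selfOwned = { uid: 1001, gid: 1001, mode: 0o100644 };  // created by the app user

console.log(auditPolicyManifest(separateOwner, rootDir, app));
console.log(auditPolicyManifest(selfOwned, rootDir, app));
```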