doc: clarify that WASM is trusted

mcollina · marco-ippolito · commit ad59c82a49aa · 2025-03-06T13:38:04.000+01:00
Signed-off-by: Matteo Collina <hello@matteocollina.com> PR-URL: #56345 Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Ulises Gascón <ulisesgascongonzalez@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
diff --git a/SECURITY.md b/SECURITY.md
@@ -111,8 +111,8 @@ lead to a loss of confidentiality, integrity, or availability.
 1. The developers and infrastructure that runs it.
 2. The operating system that Node.js is running under and its configuration,
    along with anything under control of the operating system.
-3. The code it is asked to run, including JavaScript and native code, even if
-   said code is dynamically loaded, e.g., all dependencies installed from the
+3. The code it is asked to run, including JavaScript, WASM and native code, even
+   if said code is dynamically loaded, e.g., all dependencies installed from the
    npm registry.
    The code run inherits all the privileges of the execution user.
 4. Inputs provided to it by the code it is asked to run, as it is the
