From 2e74b0da8f5899f272b732421117be71df7153b8 Mon Sep 17 00:00:00 2001
From: Ruslan Bekenev <furyinbox@gmail.com>
Date: Sat, 25 Feb 2017 23:11:50 +0300
Subject: [PATCH] doc: add note that vm module is not a security mechanism

the text added in this commit should warn users about
wrong idea that vm module can be secure to run unsafe scripts
in sandboxes

PR-URL: https://github.com/nodejs/node/pull/11557
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
---
 doc/api/vm.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/doc/api/vm.md b/doc/api/vm.md
index 025e9725a9..b6fb90440a 100644
--- a/doc/api/vm.md
+++ b/doc/api/vm.md
@@ -14,6 +14,9 @@ const vm = require('vm');
 JavaScript code can be compiled and run immediately or compiled, saved, and run
 later.
 
+*Note*: The vm module is not a security mechanism.
+**Do not use it to run untrusted code**.
+
 ## Class: vm.Script
 <!-- YAML
 added: v0.3.1