diff --git a/SECURITY.md b/SECURITY.md index 4326da6c83ebea..3bbb732883f015 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -93,9 +93,9 @@ Vulnerabilities related to this case may be fixed by a documentation update. 2. The operating system that Node.js is running under and its configuration, along with anything under control of the operating system. 3. The code it is asked to run including JavaScript and native code, even if - said code is dynamically loaded, e.g. all dependencies installed from the npm registry. - The code run inherits all the privileges of - the execution user. + said code is dynamically loaded, e.g. all dependencies installed from the + npm registry. + The code run inherits all the privileges of the execution user. 4. Inputs provided to it by the code it is asked to run, as it is the responsibility of the application to perform the required input validations. 5. Any connection used for inspector (debugger protocol) regardless of being @@ -125,20 +125,20 @@ the community they pose. in certficates used to connect to an https endpoint. If certificates can be crafted which result in incorrect validation by the Node.js APIs that is considered a vulnerability. - + #### Inconsistent Interpretation of HTTP Requests (CWE-444) - + * Node.js provides APIs to accept http connections. Those APIs parse the headers received for a connection and pass them on to the application. Bugs in parsing those headers which can result in request smuggling are considered vulnerabilities. - + #### Missing Cryptographic Step (CWE-325) - + * Node.js provides APIs to encrypt data. Bugs that would allow an attacker to get the orginal data without requiring the encryption key are considered vulnerabilities. - + #### External Control of System or Configuration Setting (CWE-15) * If Node.js automatically loads a configuration file which is not documented 
@@ -163,7 +163,7 @@ the community they pose. * Node.js trusts the file system in the environment accessible to it. Therefore, it is not a vulnerability if it accesses/loads files from any path that is accessible to it. - + #### External Control of System or Configuration Setting (CWE-15) * If Node.js automatically loads a configuration file which is documented
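Review bot: Hunk 1 (SECURITY.md, item 3 of the trust list) is a pure re-wrap and changes no wording: the `- said code is dynamically loaded, e.g. all dependencies installed from the npm registry.` / `- The code run inherits all the privileges of` / `- the execution user.` lines become the same sentences broken at a different column. That is fine, but the commit message should say it is a line-length fix only, so reviewers do not hunt for a semantic change in the trust model.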
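Review bot: Hunk 2 only strips trailing whitespace from four blank lines, but two typos sit in its unchanged context and would be cheap to fix while this region is being touched: `in certficates used to connect to an https endpoint.` should read `certificates`, and `get the orginal data without requiring the encryption key` should read `original`.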
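Review bot: Hunk 3 is another trailing-whitespace removal on a blank line, with no content change; the one thing worth checking is that the context heading `#### External Control of System or Configuration Setting (CWE-15)` now appears verbatim twice in the file (here under the non-vulnerability section with "which is documented", and in hunk 2 with "which is not documented"), so a markdown linter rule against duplicate headings, if enabled for this repository, may flag the file even though the duplication is intentional.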