diff --git a/SECURITY.md b/SECURITY.md
index e602b7e51d0254..4326da6c83ebea 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -93,7 +93,8 @@ Vulnerabilities related to this case may be fixed by a documentation update.
 2. The operating system that Node.js is running under and its configuration,
    along with anything under control of the operating system.
 3. The code it is asked to run including JavaScript and native code, even if
-   said code is dynamically loaded. The code run inherits all the privileges of
+   said code is dynamically loaded, e.g. all dependencies installed from the npm registry.
+   The code run inherits all the privileges of
    the execution user.
 4. Inputs provided to it by the code it is asked to run, as it is the
    responsibility of the application to perform the required input validations.