doc: use stronger language about security of vm

PR-URL: #23198 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: John-David Dalton <john.david.dalton@gmail.com> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
nodejs · Oct 17, 2018 · e4a1683 · e4a1683
1 parent 5ed4b89
commit e4a1683
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/doc/api/vm.md b/doc/api/vm.md
@@ -7,7 +7,10 @@
 <!--name=vm-->
 
 The `vm` module provides APIs for compiling and running code within V8 Virtual
-Machine contexts.
+Machine contexts. **Note that the `vm` module is not a security mechanism. Do
+not use it to run untrusted code**. The term "sandbox" is used throughout these
+docs simply to refer to a separate context, and does not confer any security
+guarantees.
 
 JavaScript code can be compiled and run immediately or
 compiled, saved, and run later.
@@ -40,9 +43,6 @@ console.log(sandbox.y); // 17
 console.log(x); // 1; y is not defined.
 ```
 
-**The vm module is not a security mechanism. Do not use it to run untrusted
-code**.
-
 ## Class: vm.SourceTextModule
 <!-- YAML
 added: v9.6.0