Graphorin API reference v0.1.0
Graphorin API reference / @graphorin/security / / ApplyProcessHardeningOptions
Interface: ApplyProcessHardeningOptions
Defined in: packages/security/src/hardening/apply.ts:29
Options for applyProcessHardening(...).
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
allowRoot? | readonly | boolean | Allow the framework to run as root even when refuseRoot is true. Operators must opt in deliberately after reviewing DEC-135. | packages/security/src/hardening/apply.ts:42 |
preferFchmod? | readonly | boolean | When the host process started with --permission, prefer fs.fchmod() over fs.chmod() (CVE-2024-36137). The flag is mostly informational here; downstream ensureFileMode(...) reads the field via getHardeningStatus(...). | packages/security/src/hardening/apply.ts:49 |
refuseRoot? | readonly | boolean | Refuse to run as root on POSIX hosts. Defaults to true. The framework deliberately makes the safe path the default. | packages/security/src/hardening/apply.ts:34 |
umask? | readonly | number | Override the default umask (0o077). | packages/security/src/hardening/apply.ts:36 |
warn? | readonly | (message) => void | Optional WARN logger. | packages/security/src/hardening/apply.ts:51 |