lib,src,test,doc: add node:ffi module by cjihrig · Pull Request #62072 · nodejs/node

nodejs-github-bot

added build

dependencies

needs-ci

labels

Mar 2, 2026

github-actions Bot added request-ci-failed

and removed request-ci

labels

Mar 18, 2026

anonrig previously approved these changes Mar 18, 2026

anonrig added request-ci

and removed request-ci-failed

labels

Mar 18, 2026

mcollina added request-ci

and removed request-ci

labels

Mar 19, 2026

cjihrig marked this pull request as ready for review

April 1, 2026 14:41

bengl mentioned this pull request

Apr 14, 2026

RafaelGSS added semver-minor

notable-change

labels

Apr 14, 2026

This was referenced

Apr 15, 2026

Cosmic-Game-studios pushed a commit to Cosmic-Game-studios/node that referenced this pull request

Apr 17, 2026

The DynamicLibrary::New constructor checks permission::PermissionScope::kFFI,
but the instance methods (InvokeFunction, GetFunction, GetFunctions,
GetSymbol, GetSymbols, RegisterCallback, UnregisterCallback, RefCallback,
UnrefCallback, Close) did not, creating a defense-in-depth gap.

An attacker able to obtain a DynamicLibrary handle through shared state
(e.g. a leaked reference from trusted code) could invoke arbitrary native
functions, resolve symbols, register executable callback trampolines, and
otherwise perform FFI operations even though --allow-ffi was not granted.
The critical gap was InvokeFunction: once a function handle was created,
executing it bypassed the permission model entirely. The audit mode also
failed to surface these violations.

Add THROW_IF_INSUFFICIENT_PERMISSIONS to every instance method, matching
the defense-in-depth pattern already used by the raw memory helpers in
src/ffi/data.cc (GetInt*, SetInt*, ToString, ToBuffer, ToArrayBuffer).

Refs: nodejs#62072

addaleax added the ffi

label

Apr 20, 2026

aduh95 pushed a commit that referenced this pull request

May 5, 2026

PR-URL: #62072
Co-authored-by: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Bryan English <bryan@bryanenglish.com>

aduh95 added a commit that referenced this pull request

May 5, 2026

Notable changes:

buffer:
  * (SEMVER-MINOR) add `end` parameter (Robert Nagy) #62390
crypto:
  * (SEMVER-MINOR) accept key data in `crypto.diffieHellman()` and cleanup DH jobs (Filip Skokan) #62527
  * (SEMVER-MINOR) implement `randomUUIDv7()` (nabeel378) #62553
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713
fs:
  * (SEMVER-MINOR) add `signal` option to `fs.stat()` (Mert Can Altin) #57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277
http:
  * (SEMVER-MINOR) harden `ClientRequest` options merge (Matteo Collina) #63082
  * (SEMVER-MINOR) add `req.signal` to `IncomingMessage` (Akshat) #62541
lib,src,test,doc:
  * (SEMVER-MINOR) add `node:ffi` module (Colin Ihrig) #62072
process:
  * (SEMVER-MINOR) throw on `execve(2)` failure instead of aborting (Bryan English) #62878
src:
  * (SEMVER-MINOR) allow empty `--experimental-config-file` (Marco Ippolito) #61610
stream:
  * (SEMVER-MINOR) propagate destruction in `duplexPair` (Ahmed Elhor) #61098
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) #62820
  * (SEMVER-MINOR) add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) #60751
  * (SEMVER-MINOR) support test order randomization (Pietro Marchini) #61747
util:
  * (SEMVER-MINOR) colorize text with hex colors (Guilherme Araújo) #61556

PR-URL: #63137

aduh95 added a commit that referenced this pull request

May 6, 2026

Notable changes:

buffer:
  * (SEMVER-MINOR) add `end` parameter (Robert Nagy) #62390
crypto:
  * (SEMVER-MINOR) accept key data in `crypto.diffieHellman()` and cleanup DH jobs (Filip Skokan) #62527
  * (SEMVER-MINOR) implement `randomUUIDv7()` (nabeel378) #62553
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713
fs:
  * (SEMVER-MINOR) add `signal` option to `fs.stat()` (Mert Can Altin) #57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277
http:
  * (SEMVER-MINOR) harden `ClientRequest` options merge (Matteo Collina) #63082
  * (SEMVER-MINOR) add `req.signal` to `IncomingMessage` (Akshat) #62541
lib,src,test,doc:
  * (SEMVER-MINOR) add `node:ffi` module (Colin Ihrig) #62072
process:
  * (SEMVER-MINOR) throw on `execve(2)` failure instead of aborting (Bryan English) #62878
src:
  * (SEMVER-MINOR) allow empty `--experimental-config-file` (Marco Ippolito) #61610
stream:
  * (SEMVER-MINOR) propagate destruction in `duplexPair` (Ahmed Elhor) #61098
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) #62820
  * (SEMVER-MINOR) add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) #60751
  * (SEMVER-MINOR) support test order randomization (Pietro Marchini) #61747
util:
  * (SEMVER-MINOR) colorize text with hex colors (Guilherme Araújo) #61556

PR-URL: #63137

aduh95 added a commit that referenced this pull request

May 6, 2026

Notable changes:

buffer:
  * (SEMVER-MINOR) add `end` parameter (Robert Nagy) #62390
crypto:
  * (SEMVER-MINOR) accept key data in `crypto.diffieHellman()` and cleanup DH jobs (Filip Skokan) #62527
  * (SEMVER-MINOR) implement `randomUUIDv7()` (nabeel378) #62553
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713
fs:
  * (SEMVER-MINOR) add `signal` option to `fs.stat()` (Mert Can Altin) #57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277
http:
  * (SEMVER-MINOR) harden `ClientRequest` options merge (Matteo Collina) #63082
  * (SEMVER-MINOR) add `req.signal` to `IncomingMessage` (Akshat) #62541
lib,src,test,doc:
  * (SEMVER-MINOR) add `node:ffi` module (Colin Ihrig) #62072
process:
  * (SEMVER-MINOR) throw on `execve(2)` failure instead of aborting (Bryan English) #62878
src:
  * (SEMVER-MINOR) allow empty `--experimental-config-file` (Marco Ippolito) #61610
stream:
  * (SEMVER-MINOR) propagate destruction in `duplexPair` (Ahmed Elhor) #61098
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) #62820
  * (SEMVER-MINOR) add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) #60751
  * (SEMVER-MINOR) support test order randomization (Pietro Marchini) #61747
util:
  * (SEMVER-MINOR) colorize text with hex colors (Guilherme Araújo) #61556

PR-URL: #63137

aduh95 added a commit that referenced this pull request

May 7, 2026

Notable changes:

buffer:
  * (SEMVER-MINOR) add `end` parameter (Robert Nagy) #62390
crypto:
  * (SEMVER-MINOR) accept key data in `crypto.diffieHellman()` and cleanup DH jobs (Filip Skokan) #62527
  * (SEMVER-MINOR) implement `randomUUIDv7()` (nabeel378) #62553
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) #62713
fs:
  * (SEMVER-MINOR) add `signal` option to `fs.stat()` (Mert Can Altin) #57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) #62277
http:
  * (SEMVER-MINOR) harden `ClientRequest` options merge (Matteo Collina) #63082
  * (SEMVER-MINOR) add `req.signal` to `IncomingMessage` (Akshat) #62541
lib,src,test,doc:
  * (SEMVER-MINOR) add `node:ffi` module (Colin Ihrig) #62072
process:
  * (SEMVER-MINOR) throw on `execve(2)` failure instead of aborting (Bryan English) #62878
src:
  * (SEMVER-MINOR) allow empty `--experimental-config-file` (Marco Ippolito) #61610
stream:
  * (SEMVER-MINOR) propagate destruction in `duplexPair` (Ahmed Elhor) #61098
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) #62820
  * (SEMVER-MINOR) add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) #60751
  * (SEMVER-MINOR) support test order randomization (Pietro Marchini) #61747
util:
  * (SEMVER-MINOR) colorize text with hex colors (Guilherme Araújo) #61556

PR-URL: #63137

araujogui pushed a commit to araujogui/node that referenced this pull request

May 26, 2026

Notable changes:

buffer:
  * (SEMVER-MINOR) add `end` parameter (Robert Nagy) nodejs#62390
crypto:
  * (SEMVER-MINOR) accept key data in `crypto.diffieHellman()` and cleanup DH jobs (Filip Skokan) nodejs#62527
  * (SEMVER-MINOR) implement `randomUUIDv7()` (nabeel378) nodejs#62553
debugger:
  * (SEMVER-MINOR) add edit-free runtime expression probes to `node inspect` (Joyee Cheung) nodejs#62713
fs:
  * (SEMVER-MINOR) add `signal` option to `fs.stat()` (Mert Can Altin) nodejs#57775
  * (SEMVER-MINOR) expose frsize field in statfs (Jinho Jang) nodejs#62277
http:
  * (SEMVER-MINOR) harden `ClientRequest` options merge (Matteo Collina) nodejs#63082
  * (SEMVER-MINOR) add `req.signal` to `IncomingMessage` (Akshat) nodejs#62541
lib,src,test,doc:
  * (SEMVER-MINOR) add `node:ffi` module (Colin Ihrig) nodejs#62072
process:
  * (SEMVER-MINOR) throw on `execve(2)` failure instead of aborting (Bryan English) nodejs#62878
src:
  * (SEMVER-MINOR) allow empty `--experimental-config-file` (Marco Ippolito) nodejs#61610
stream:
  * (SEMVER-MINOR) propagate destruction in `duplexPair` (Ahmed Elhor) nodejs#61098
test_runner:
  * (SEMVER-MINOR) align mock timeout api (sangwook) nodejs#62820
  * (SEMVER-MINOR) add mock-timers support for `AbortSignal.timeout` (DeveloperViraj) nodejs#60751
  * (SEMVER-MINOR) support test order randomization (Pietro Marchini) nodejs#61747
util:
  * (SEMVER-MINOR) colorize text with hex colors (Guilherme Araújo) nodejs#61556

PR-URL: nodejs#63137