Security & Audit

NetPad plugins are designed with security in mind. This page covers the permission model, audit logging, sandboxing, and best practices for secure plugin development.

1. Permission Model

  • Plugins must declare all required permissions in manifest.json
  • Supported permissions: network, environment, files, database (future), external_api (future)
  • Plugins are sandboxed and cannot access resources not explicitly permitted

Example manifest fragment declaring a single allowed network host, a single readable environment variable, and no file access at all (an empty list grants nothing):

"permissions": {
  "network": ["api.example.com"],
  "environment": ["NODE_ENV"],
  "files": []
}

2. Audit Logging

  • All plugin actions are logged via the AuditLogger
  • Logs include installation, execution, errors, and permission usage
  • Admins can review logs for security and compliance

3. Sandboxing

  • Plugins run in a secure, isolated environment
  • No direct access to NetPad internals or other plugins
  • Only allowed APIs and resources are exposed

4. Review Process

  • All plugins submitted to the Plugin Store are reviewed for security and compliance
  • Automated checks for vulnerabilities, excessive permissions, and unsafe code
  • Manual review for suspicious or malicious behavior

5. Best Practices

  • Request only the permissions you need
  • Validate all inputs and outputs
  • Handle errors gracefully and log appropriately
  • Keep dependencies up to date
  • Document all permissions and security considerations in your README

Further Reading

For more, see the Plugin Sprint Plan.