Prompt
Avoid modifying global security state; prefer connection-specific or context-bound security settings. A process-wide change can be made by any dependency without the application's knowledge, so the application ends up with a weaker security posture than it believes it configured.
When working with security-critical components like TLS:
- Configure security options at the connection level rather than globally
- Be wary of APIs that make one-way (irreversible) changes to process-wide security settings, since every connection, including those opened by dependencies, inherits them
- Design APIs that allow explicit security configuration for specific contexts
For example, instead of using global security state changes:
const tls = require('node:tls');
// Avoid globally changing security state
tls.useSystemCA(); // One-way change that affects ALL connections in the process, including those opened by dependencies
// Preferred: Scope security settings to specific connections
const connection = tls.connect({
  host: 'example.com', // placeholder host
  port: 443,
  ca: tls.getCACertificates('system') // Only affects this connection
});
Note that an explicit ca option replaces the default trust store for that connection rather than adding to it; include tls.getCACertificates('bundled') in the array as well if the bundled Mozilla roots should stay trusted.
This approach maintains clear security boundaries and prevents dependencies from silently weakening your application’s security posture through unexpected global state mutations.