From 34723be424445a492f9f673d6d289c54b9c4cbe8 Mon Sep 17 00:00:00 2001 From: Jay Date: Tue, 26 May 2026 08:41:29 +0200 Subject: [PATCH] docs: update threatmodel to include stance on runtime modification (#10945) --- THREATMODEL.md | 1 + 1 file changed, 1 insertion(+) diff --git a/THREATMODEL.md b/THREATMODEL.md index 52d0d272..3d8e45e7 100644 --- a/THREATMODEL.md +++ b/THREATMODEL.md @@ -239,6 +239,7 @@ axios will **not**: - Warn when TLS validation is disabled via a custom agent. - Redact `config` from thrown errors - the caller may legitimately need it for retry logic. - Defend against a fully compromised caller process (e.g. attacker-controlled code running inside the caller). Note: for the narrower case of a **polluted `Object.prototype` arriving via a transitive dependency**, axios _does_ defend the reachable config-read gadgets (see T-R4b) — but any new config-read path must continue to use `hasOwnProp` guards to stay on this side of the line. +- Defend against monkey-patched JavaScript or Node.js runtime APIs (`Object.keys`, `http.request`, `ClientRequest.prototype.setHeader`, `fetch`, etc.). If attacker-controlled code is already running in the same process, it can observe or alter requests below axios and this is outside axios' security boundary. ---
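Review bot: the added bullet overlaps with the one directly above it ("Defend against a fully compromised caller process ... attacker-controlled code running inside the caller"), and the T-R4b carve-out in that bullet can be read as contradicting the new one, since a transitive dependency that monkey-patches `Object.keys` is also "code already running in the same process". Suggest stating the distinction explicitly in the new line, e.g. "Unlike T-R4b, which covers polluted *data* reachable through `Object.prototype`, replacement of the built-in *functions* axios calls (`Object.keys`, `http.request`, ...) is treated as a compromised process and is out of scope", or folding it into the previous bullet as a sub-item so the two read as one stance rather than two adjacent rules. Also worth noting in the same sentence that the `hasOwnProp` guards the previous bullet relies on are themselves ordinary runtime calls, so the T-R4b defence only holds when those APIs are intact; that makes the boundary between the two bullets concrete for readers.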