Tags: javascript, node.js, security, browserify, sandbox

Does Node's Browserify circumvent Javascript's sandbox?


I haven't really mastered everything Node's Browserify module can do, but it does seem evident that you can make your functions written in Node, which include file system manipulation, for example, accessible on the client.

More specifically if we had the following node code,

var fs = require('fs');          // Node's fs module (the posted snippet omitted the require)
var dir = '/some/dir/';          // assumed placeholder; the snippet never defines dir
var file = 'secret.txt';         // assumed placeholder; the snippet never defines file

window.readFile = function () {
  fs.readFile(dir + file, 'utf-8', function (err, data) {
    var dataString;
    if (err) {
      throw err;
    }
    if (data) {
      dataString = data.toString('utf8');
    }
    console.log(dataString);
    return dataString;           // returns from the callback only, not to the caller of readFile
  });
};

And we guessed the directory and file name, or even parsed through a base directory and output all the contents (it's easy to do in Node), then we simply called readFile when the document loads. Wouldn't this circumvent all the browser safety that ensures malicious scripts don't access your file system, for example, or am I missing something here?


Solution

  • When you include a standard-lib module in browserify, it doesn't include the copy from your node installation, but rather a copy browserify includes specifically for the browser.

    That being said, the fs module is a no-op in browserify for several reasons, security being one of them (as well as the fact that the browser's file access methods don't cover the same space that Node's do). This is true also for modules like child_process, module, net, dgram, etc., where there would be no easy (or sometimes possible!) translation into the browser environment.

    If you need to access files from disk in the browser, there is a browserify transform, brfs, which will include the data from the file AT COMPILE TIME as a static string into the bundle.
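To make the two halves of this answer concrete, here is an added example (not browserify's or brfs's own code) that contrasts what the question's code would get at runtime with what brfs does at compile time. `inlineStaticReads` is a deliberately simplified stand-in for a brfs-style transform: it only rewrites `fs.readFileSync('<literal path>', 'utf8')` calls, using `BUILD_FILES`, a constructed in-memory map that represents files on the build machine. `BROWSER_FS_SHIM` is an empty object standing in for the empty `fs` stub a bundle receives in the browser; the exact shape of browserify's stub is an assumption here, the point is only that it has no `readFile`/`readFileSync`.

```javascript
// Added illustration, not brfs or browserify source. Shows why a computed
// path (the question's dir + file) cannot reach the file system from a
// bundle, while a literal path can only ever yield what the BUILD copied in.

// Constructed stand-in for files present on the build machine.
const BUILD_FILES = {
  '/build/app/greeting.txt': 'hello from the build machine\n',
};

// Matches fs.readFileSync("literal", "utf8") with a string-literal path only;
// computed paths such as dir + file are intentionally not matched.
const STATIC_READ =
  /fs\.readFileSync\(\s*(['"])([^'"]+)\1\s*,\s*(['"])utf-?8\3\s*\)/g;

// Simplified brfs-style transform: replace each static read with the file's
// contents as a JS string literal. Unknown literal paths fail the build.
function inlineStaticReads(source, files) {
  const missing = [];
  const bundled = source.replace(STATIC_READ, (match, _q, filePath) => {
    if (!Object.prototype.hasOwnProperty.call(files, filePath)) {
      missing.push(filePath);
      return match;
    }
    return JSON.stringify(files[filePath]); // data is now frozen into the bundle
  });
  if (missing.length) {
    throw new Error('build-time read of unknown file(s): ' + missing.join(', '));
  }
  return bundled;
}

// Assumed stand-in for the empty fs module a browser bundle gets: no methods.
const BROWSER_FS_SHIM = {};

// Evaluate bundled module text against a given fs object and report the outcome.
function runBundled(source, fsModule) {
  const mod = { exports: {} };
  try {
    new Function('fs', 'module', source)(fsModule, mod);
    return { ok: true, value: mod.exports.value };
  } catch (e) {
    return { ok: false, error: e.constructor.name + ': ' + e.message };
  }
}

// Literal path: inlined at build time, so the browser never needs fs at all.
const STATIC_SOURCE =
  "module.exports.value = fs.readFileSync('/build/app/greeting.txt', 'utf8');";

// The question's pattern: a computed path. Nothing to inline, and the
// browser fs stub has no readFileSync, so the call fails in the client.
const DYNAMIC_SOURCE =
  "var dir = '/etc/', file = 'passwd';\n" +
  "module.exports.value = fs.readFileSync(dir + file, 'utf8');";

function demo() {
  const staticBundle = inlineStaticReads(STATIC_SOURCE, BUILD_FILES);
  const dynamicBundle = inlineStaticReads(DYNAMIC_SOURCE, BUILD_FILES);
  return {
    staticBundle,
    staticResult: runBundled(staticBundle, BROWSER_FS_SHIM),
    dynamicBundle,
    dynamicResult: runBundled(dynamicBundle, BROWSER_FS_SHIM),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running it shows the static bundle carrying the literal `"hello from the build machine\n"` and succeeding without any `fs`, while the dynamic bundle is left untouched and fails with a `TypeError` in the browser-style environment. Note that the inlined case is itself a build hygiene concern: whatever file path you hand a brfs-style transform ends up in a bundle that is shipped to every client, so it should never point at secrets.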