		{
		"name": "ses",
		"version": "1.9.1",
		"version": "1.10.0",
		"description": "Hardened JavaScript for Fearless Cooperation",
		@@ -81,8 +81,8 @@ "keywords": [
		"dependencies": {
		"@endo/env-options": "^1.1.7"
		"@endo/env-options": "^1.1.8"
		},
		"devDependencies": {
		"@endo/compartment-mapper": "^1.3.1",
		"@endo/module-source": "^1.1.1",
		"@endo/test262-runner": "^0.1.42",
		"@endo/compartment-mapper": "^1.4.0",
		"@endo/module-source": "^1.1.2",
		"@endo/test262-runner": "^0.1.43",
		"ava": "^6.1.3",
		@@ -97,6 +97,6 @@ "babel-eslint": "^10.1.0",
		"eslint-plugin-import": "^2.29.1",
		"prettier": "^3.2.5",
		"prettier": "^3.3.3",
		"terser": "^5.16.6",
		"tsd": "^0.31.2",
		"typescript": "~5.6.2"
		"typescript": "~5.6.3"
		},
		@@ -208,3 +208,3 @@ "files": [
		},
		"gitHead": "c242c28a68d1af29475150e44b5f3e9d0feda8cd"
		"gitHead": "5486ed1f238104716b6a8321b977fbc508ef80e1"
		}

README.md

		@@ -171,2 +171,4 @@ # SES

		lockdown();

		const c = new Compartment({
		@@ -173,0 +175,0 @@ globals: {

src/compartment-shim.js

		@@ -5,10 +5,16 @@ import { globalThis } from './commons.js';
		import { getGlobalIntrinsics } from './intrinsics.js';
		import { chooseReporter } from './reporting.js';

		const markVirtualizedNativeFunction = tameFunctionToString();

		const muteReporter = chooseReporter('none');

		// @ts-ignore Compartment is definitely on globalThis.
		globalThis.Compartment = makeCompartmentConstructor(
		makeCompartmentConstructor,
		getGlobalIntrinsics(globalThis),
		// Any reporting that would need to be done should have already been done
		// during `lockdown()`.
		// See https://github.com/endojs/endo/pull/2624#discussion_r1840979770
		getGlobalIntrinsics(globalThis, muteReporter),
		markVirtualizedNativeFunction,
		);

src/enable-property-overrides.js

		@@ -26,4 +26,6 @@ // Adapted from SES/Caja

		/** @import {Reporter} from './reporting-types.js' */

		/**
		* For a special set of properties defined in the `enablement` whitelist,
		* For a special set of properties defined in the `enablement` list,
		* `enablePropertyOverrides` ensures that the effect of freezing does not
		@@ -79,2 +81,3 @@ * suppress the ability to override these properties on derived objects by
		* @param {'min' \| 'moderate' \| 'severe'} overrideTaming
		* @param {Reporter} reporter
		* @param {Iterable<string \| symbol>} [overrideDebug]
		@@ -85,2 +88,3 @@ */
		overrideTaming,
		{ warn },
		overrideDebug = [],
		@@ -115,4 +119,3 @@ ) {
		if (isDebug) {
		// eslint-disable-next-line @endo/no-polymorphic-call
		console.error(TypeError(`Override property ${prop}`));
		warn(TypeError(`Override property ${prop}`));
		}
		@@ -119,0 +122,0 @@ defineProperty(this, prop, {

src/enablements.js

		import { toStringTagSymbol, iteratorSymbol } from './commons.js';

		/**
		* @file Exports {@code enablements}, a recursively defined
		* @module Exports {@code enablements}, a recursively defined
		* JSON record defining the optimum set of intrinsics properties
		@@ -6,0 +6,0 @@ * that need to be "repaired" before hardening is applied on

src/error/console.js

		@@ -34,3 +34,3 @@ // @ts-check

		// The whitelists of console methods, from:
		// The permitted console methods, from:
		// Whatwg "living standard" https://console.spec.whatwg.org/
		@@ -114,3 +114,3 @@ // Node https://nodejs.org/dist/latest-v14.x/docs/api/console.html
		/** @type {readonly [ConsoleProps, LogSeverity \| undefined][]} */
		const consoleWhitelist = freeze([
		const consoleMethodPermits = freeze([
		...consoleLevelMethods,
		@@ -123,4 +123,4 @@ ...consoleOtherMethods,
		* with the intention that it be treated like the `false` entries in the main
		* SES whitelist: that seeing these on the original console is expected, but
		* seeing anything else that's outside the whitelist is surprising and should
		* SES permits: that seeing these on the original console is expected, but
		* seeing anything else that's outside the permits is surprising and should
		* provide a diagnostic.
		@@ -164,3 +164,3 @@ *
		const loggingConsole = fromEntries(
		arrayMap(consoleWhitelist, ([name, _]) => {
		arrayMap(consoleMethodPermits, ([name, _]) => {
		// Use an arrow function so that it doesn't come with its own name in
		@@ -515,7 +515,7 @@ // its printed form. Instead, we're hoping that tooling uses only
		// TODO do something with optional topic string
		const whitelist = arrayFilter(
		consoleWhitelist,
		const methodPermits = arrayFilter(
		consoleMethodPermits,
		([name, _]) => name in baseConsole,
		);
		const methods = arrayMap(whitelist, ([name, severity]) => {
		const methods = arrayMap(methodPermits, ([name, severity]) => {
		/**
		@@ -522,0 +522,0 @@ * @param {...any} args

src/error/internal-types.js

		@@ -65,3 +65,3 @@ // @ts-check
		*
		* A logging console just accumulates the contents of all whitelisted calls,
		* A logging console just accumulates the contents of all permitted calls,
		* making them available to callers of `takeLog()`. Calling `takeLog()`
		@@ -68,0 +68,0 @@ * consumes these, so later calls to `takeLog()` will only provide a log of

src/error/README.md

		@@ -65,5 +65,5 @@ # Logging Errors

		SES considers both `assert` and `console` to be powerful objects, appearing initially in the start compartment, and not whitelisted for implicit propagation to created compartments. Rather, we recommend an endowment pattern where the global `assert` is passed forward as is, but only filtered forms of the `console` are. As compartments create each other in a tree, they create a corresponding filtering tree of consoles. Information sent to any compartment's console is then sent up the filtering tree. Only information that survives all the filters in its path arrive at the root console, producing log output. The others have no effect. Given the expected pattern of a compartment per package, the per-compartment console filter is effectly a topic filter, treating the package identity as a topic. We plan to also support coordinated stack-frame filters, as explained at [Need source-prefix-based stackframe filter #488](https://github.com/Agoric/SES-shim/issues/488).
		SES considers both `assert` and `console` to be powerful objects, appearing initially in the start compartment, and not permitted for implicit propagation to created compartments. Rather, we recommend an endowment pattern where the global `assert` is passed forward as-is, but only filtered forms of the `console` are. As compartments create each other in a tree, they create a corresponding filtering tree of consoles. Information sent to any compartment's console is then sent up the filtering tree. Only information that survives all the filters in its path arrive at the root console, producing log output. The others have no effect. Given the expected pattern of a compartment per package, the per-compartment console filter is effectly a topic filter, treating the package identity as a topic. We plan to also support coordinated stack-frame filters, as explained at [Need source-prefix-based stackframe filter #488](https://github.com/Agoric/SES-shim/issues/488).

		For security and determinism, we normally reason from the in-band frame of reference where the console logging output does not exist, is not an effect, and `console` operations are write-only. Within this frame of reference, the `assert` and `console` powers are not very powerful. They are almost as safe as the whitelisted powerless shared primordials, which is why we're willing to recommend this endowment pattern be habitual.
		For security and determinism, we normally reason from the in-band frame of reference where the console logging output does not exist, is not an effect, and `console` operations are write-only. Within this frame of reference, the `assert` and `console` powers are not very powerful. They are almost as safe as the permitted, powerless, shared primordials, which is why we're willing to recommend this endowment pattern be habitual.

		@@ -70,0 +70,0 @@ ## Hiding and Revealing Distributed Diagnostic Information

src/error/tame-v8-error-constructor.js

		@@ -22,4 +22,4 @@ import {

		// Whitelist names from https://v8.dev/docs/stack-trace-api
		// Whitelisting only the names used by error-stack-shim/src/v8StackFrames
		// Permit names from https://v8.dev/docs/stack-trace-api
		// Permiting only the names used by error-stack-shim/src/v8StackFrames
		// callSiteToFrame to shim the error stack proposal.
		@@ -49,3 +49,3 @@ const safeV8CallSiteMethodNames = [

		'toString', // TODO replace to use only whitelisted info
		'toString', // TODO replace to use only permitted info
		];
		@@ -52,0 +52,0 @@

src/global-object.js

		@@ -124,3 +124,3 @@ import {

		// TODO These should still be tamed according to the whitelist before
		// TODO These should still be tamed according to the permits before
		// being made available.
		@@ -127,0 +127,0 @@ for (const [name, value] of entries(perCompartmentGlobals)) {

src/intrinsics.js

		@@ -0,1 +1,2 @@
		import { cauterizeProperty } from './cauterize-property.js';
		import {
		@@ -26,2 +27,6 @@ TypeError,

		/**
		* @import {Reporter} from './reporting-types.js'
		*/

		const isFunction = obj => typeof obj === 'function';
		@@ -32,3 +37,3 @@
		// property throws, causing SES initialization to fail. Otherwise, a
		// conflict between, for example, two of SES's internal whitelists might
		// conflict between, for example, two of SES's internal permits might
		// get masked as one overwrites the other. Accordingly, the thrown error
		@@ -76,3 +81,6 @@ // complains of a "Conflicting definition".

		export const makeIntrinsicsCollector = () => {
		/**
		* @param {Reporter} reporter
		*/
		export const makeIntrinsicsCollector = reporter => {
		/** @type {Record<any, any>} */
		@@ -88,3 +96,3 @@ const intrinsics = create(null);
		// For each intrinsic, if it has a `.prototype` property, use the
		// whitelist to find out the intrinsic name for that prototype and add it
		// permits to find out the intrinsic name for that prototype and add it
		// to the intrinsics.
		@@ -103,7 +111,15 @@ const completePrototypes = () => {
		if (typeof permit !== 'object') {
		throw TypeError(`Expected permit object at whitelist.${name}`);
		throw TypeError(`Expected permit object at permits.${name}`);
		}
		const namePrototype = permit.prototype;
		if (!namePrototype) {
		throw TypeError(`${name}.prototype property not whitelisted`);
		cauterizeProperty(
		intrinsic,
		'prototype',
		false,
		`${name}.prototype`,
		reporter,
		);
		// eslint-disable-next-line no-continue
		continue;
		}
		@@ -114,3 +130,3 @@ if (
		) {
		throw TypeError(`Unrecognized ${name}.prototype whitelist entry`);
		throw TypeError(`Unrecognized ${name}.prototype permits entry`);
		}
		@@ -164,3 +180,3 @@ const intrinsicPrototype = intrinsic.prototype;
		* Doesn't tame, delete, or modify anything. Samples globalObject to create an
		* intrinsics record containing only the whitelisted global variables, listed
		* intrinsics record containing only the permitted global variables, listed
		* by the intrinsic names appropriate for new globals, i.e., the globals of
		@@ -174,5 +190,7 @@ * newly constructed compartments.
		* @param {object} globalObject
		* @param {Reporter} reporter
		*/
		export const getGlobalIntrinsics = globalObject => {
		const { addIntrinsics, finalIntrinsics } = makeIntrinsicsCollector();
		export const getGlobalIntrinsics = (globalObject, reporter) => {
		// TODO pass a proper reporter to `makeIntrinsicsCollector`
		const { addIntrinsics, finalIntrinsics } = makeIntrinsicsCollector(reporter);

		@@ -179,0 +197,0 @@ addIntrinsics(sampleGlobals(globalObject, sharedGlobalPropertyNames));

src/lockdown.js

		@@ -33,3 +33,3 @@ // Copyright (C) 2018 Agoric
		import { makeIntrinsicsCollector } from './intrinsics.js';
		import whitelistIntrinsics from './permits-intrinsics.js';
		import removeUnpermittedIntrinsics from './permits-intrinsics.js';
		import tameFunctionConstructors from './tame-function-constructors.js';
		@@ -62,2 +62,3 @@ import tameDateConstructor from './tame-date-constructor.js';
		import { shimArrayBufferTransfer } from './shim-arraybuffer-transfer.js';
		import { reportInGroup, chooseReporter } from './reporting.js';

		@@ -167,6 +168,9 @@ /** @import {LockdownOptions} from '../types.js' */
		errorTaming = getenv('LOCKDOWN_ERROR_TAMING', 'safe'),
		errorTrapping = /** @type {"platform" \| "none" \| "report" \| "abort" \| "exit" \| undefined} */ (
		errorTrapping = /** @type {"platform" \| "none" \| "report" \| "abort" \| "exit"} */ (
		getenv('LOCKDOWN_ERROR_TRAPPING', 'platform')
		),
		unhandledRejectionTrapping = /** @type {"none" \| "report" \| undefined} */ (
		reporting = /** @type {"platform" \| "console" \| "none"} */ (
		getenv('LOCKDOWN_REPORTING', 'platform')
		),
		unhandledRejectionTrapping = /** @type {"none" \| "report"} */ (
		getenv('LOCKDOWN_UNHANDLED_REJECTION_TRAPPING', 'report')
		@@ -177,6 +181,8 @@ ),

		consoleTaming = /** @type {'unsafe' \| 'safe' \| undefined} */ (
		consoleTaming = /** @type {'unsafe' \| 'safe'} */ (
		getenv('LOCKDOWN_CONSOLE_TAMING', 'safe')
		),
		overrideTaming = getenv('LOCKDOWN_OVERRIDE_TAMING', 'moderate'),
		overrideTaming = /** @type {'moderate' \| 'min' \| 'severe'} */ (
		getenv('LOCKDOWN_OVERRIDE_TAMING', 'moderate')
		),
		stackFiltering = getenv('LOCKDOWN_STACK_FILTERING', 'concise'),
		@@ -215,2 +221,4 @@ domainTaming = getenv('LOCKDOWN_DOMAIN_TAMING', 'safe'),

		const reporter = chooseReporter(reporting);

		priorRepairIntrinsics === undefined \|\|
		@@ -281,3 +289,3 @@ // eslint-disable-next-line @endo/no-polymorphic-call
		const { addIntrinsics, completePrototypes, finalIntrinsics } =
		makeIntrinsicsCollector();
		makeIntrinsicsCollector(reporter);

		@@ -366,9 +374,18 @@ // @ts-expect-error __hardenTaming__ could be any string
		/**
		* 2. WHITELIST to standardize the environment.
		* 2. Enforce PERMITS on shared intrinsics
		*/

		// Remove non-standard properties.
		// All remaining function encountered during whitelisting are
		// All remaining functions encountered during whitelisting are
		// branded as honorary native functions.
		whitelistIntrinsics(intrinsics, markVirtualizedNativeFunction);
		reportInGroup(
		'SES Removing unpermitted intrinsics',
		reporter,
		groupReporter =>
		removeUnpermittedIntrinsics(
		intrinsics,
		markVirtualizedNativeFunction,
		groupReporter,
		),
		);

		@@ -435,3 +452,10 @@ // Initialize the powerful initial global, i.e., the global of the
		// @ts-ignore enablePropertyOverrides does its own input validation
		enablePropertyOverrides(intrinsics, overrideTaming, overrideDebug);
		reportInGroup('SES Enabling property overrides', reporter, groupReporter =>
		enablePropertyOverrides(
		intrinsics,
		overrideTaming,
		groupReporter,
		overrideDebug,
		),
		);
		if (legacyRegeneratorRuntimeTaming === 'unsafe-ignore') {
		@@ -438,0 +462,0 @@ tameRegeneratorRuntime();

src/module-link.js

		@@ -79,3 +79,3 @@ /* eslint-disable no-underscore-dangle */
		isArray(exports) \|\|
		Fail`Property 'exports' of a third-party module source must be an array, got ${q(
		Fail`Invalid module source: 'exports' of a virtual module source must be an array, got ${q(
		exports,
		@@ -87,3 +87,3 @@ )}, for module ${q(moduleSpecifier)}`;
		isObject(moduleSource) \|\|
		Fail`Module sources must be of type object, got ${q(
		Fail`Invalid module source: must be of type object, got ${q(
		moduleSource,
		@@ -93,11 +93,11 @@ )}, for module ${q(moduleSpecifier)}`;
		isArray(imports) \|\|
		Fail`Property 'imports' of a module source must be an array, got ${q(
		Fail`Invalid module source: 'imports' must be an array, got ${q(
		imports,
		)}, for module ${q(moduleSpecifier)}`;
		isArray(exports) \|\|
		Fail`Property 'exports' of a precompiled module source must be an array, got ${q(
		Fail`Invalid module source: 'exports' must be an array, got ${q(
		exports,
		)}, for module ${q(moduleSpecifier)}`;
		isArray(reexports) \|\|
		Fail`Property 'reexports' of a precompiled module source must be an array if present, got ${q(
		Fail`Invalid module source: 'reexports' must be an array if present, got ${q(
		reexports,
		@@ -144,5 +144,3 @@ )}, for module ${q(moduleSpecifier)}`;
		} else {
		throw TypeError(
		`importHook must provide a module source, got ${q(moduleSource)}`,
		);
		throw TypeError(`Invalid module source, got ${q(moduleSource)}`);
		}
		@@ -149,0 +147,0 @@

src/module-load.js

		@@ -9,2 +9,3 @@ import { getEnvironmentOption as getenv } from '@endo/env-options';
		arrayPush,
		arraySome,
		create,
		@@ -15,2 +16,3 @@ freeze,
		getOwnPropertyNames,
		isArray,
		isObject,
		@@ -90,10 +92,19 @@ mapGet,
		) => {
		const { resolveHook } = weakmapGet(compartmentPrivateFields, compartment);
		const { resolveHook, name: compartmentName } = weakmapGet(
		compartmentPrivateFields,
		compartment,
		);

		const { imports } = moduleSource;
		if (
		!isArray(imports) \|\|
		arraySome(imports, specifier => typeof specifier !== 'string')
		) {
		throw makeError(
		X`Invalid module source: 'imports' must be an array of strings, got ${imports} for module ${q(moduleSpecifier)} of compartment ${q(compartmentName)}`,
		);
		}

		// resolve all imports relative to this referrer module.
		const resolvedImports = resolveAll(
		moduleSource.imports,
		resolveHook,
		moduleSpecifier,
		);
		const resolvedImports = resolveAll(imports, resolveHook, moduleSpecifier);
		const moduleRecord = freeze({
		@@ -100,0 +111,0 @@ compartment,

src/permits-intrinsics.js

		@@ -27,3 +27,3 @@ // Copyright (C) 2011 Google Inc.
		//
		// In the whitelist, the `prototype`, `__proto__`, and `constructor` must be
		// In the permits, the `prototype`, `__proto__`, and `constructor` must be
		// specified and point to top level entries in the map. For example,
		@@ -38,3 +38,3 @@ // `Object.__proto__` leads to `FunctionPrototype` which is a top level entry
		// * an internal constant(for example, `eval` leads to `fn` which
		// is an alias for `FunctionInstance`, a record that whitelist all
		// is an alias for `FunctionInstance`, a record that permits all
		// properties allowed on such instance).
		@@ -46,3 +46,3 @@ // * false, a property to be removed that we know about.
		// name to the console as a useful diagnostic, possibly provoking an expansion
		// of the whitelist.
		// of the permits.

		@@ -67,5 +67,9 @@ import { permitted, FunctionInstance, isAccessorPermit } from './permits.js';
		} from './commons.js';
		import { cauterizeProperty } from './cauterize-property.js';

		/**
		* whitelistIntrinsics()
		* @import {Reporter} from './reporting-types.js'
		*/

		/**
		* Removes all non-allowed properties found by recursively and
		@@ -75,19 +79,10 @@ * reflectively walking own property chains.
		* @param {object} intrinsics
		* @param {(object) => void} markVirtualizedNativeFunction
		* @param {(virtualizedNativeFunction: object) => void} markVirtualizedNativeFunction
		* @param {Reporter} reporter
		*/
		export default function whitelistIntrinsics(
		export default function removeUnpermittedIntrinsics(
		intrinsics,
		markVirtualizedNativeFunction,
		reporter,
		) {
		let groupStarted = false;
		const inConsoleGroup = (level, ...args) => {
		if (!groupStarted) {
		// eslint-disable-next-line @endo/no-polymorphic-call
		console.groupCollapsed('Removing unpermitted intrinsics');
		groupStarted = true;
		}
		// eslint-disable-next-line @endo/no-polymorphic-call
		return console[level](...args);
		};

		// These primitives are allowed for permits.
		@@ -156,3 +151,3 @@ const primitives = ['undefined', 'boolean', 'number', 'string', 'symbol'];
		if (protoName !== undefined && typeof protoName !== 'string') {
		throw TypeError(`Malformed whitelist permit ${path}.__proto__`);
		throw TypeError(`Malformed permit ${path}.__proto__`);
		}
		@@ -173,3 +168,3 @@
		* isAllowedPropertyValue()
		* Whitelist a single property value against a permit.
		* enforce permit for a single property value.
		*/
		@@ -202,3 +197,3 @@ function isAllowedPropertyValue(path, value, prop, permit) {
		if (value !== intrinsics[permit]) {
		throw TypeError(`Does not match whitelist ${path}`);
		throw TypeError(`Does not match permit for ${path}`);
		}
		@@ -296,34 +291,3 @@ return true;
		if (!subPermit \|\| !isAllowedProperty(subPath, obj, prop, subPermit)) {
		// Either the object lacks a permit or the object doesn't match the
		// permit.
		// If the permit is specifically false, not merely undefined,
		// this is a property we expect to see because we know it exists in
		// some environments and we have expressly decided to exclude it.
		// Any other disallowed property is one we have not audited and we log
		// that we are removing it so we know to look into it, as happens when
		// the language evolves new features to existing intrinsics.
		if (subPermit !== false) {
		inConsoleGroup('warn', `Removing ${subPath}`);
		}
		try {
		delete obj[prop];
		} catch (err) {
		if (prop in obj) {
		if (typeof obj === 'function' && prop === 'prototype') {
		obj.prototype = undefined;
		if (obj.prototype === undefined) {
		inConsoleGroup(
		'warn',
		`Tolerating undeletable ${subPath} === undefined`,
		);
		// eslint-disable-next-line no-continue
		continue;
		}
		}
		inConsoleGroup('error', `failed to delete ${subPath}`, err);
		} else {
		inConsoleGroup('error', `deleting ${subPath} threw`, err);
		}
		throw err;
		}
		cauterizeProperty(obj, prop, subPermit === false, subPath, reporter);
		}
		@@ -333,12 +297,5 @@ }

		try {
		// Start path with 'intrinsics' to clarify that properties are not
		// removed from the global object by the whitelisting operation.
		visitProperties('intrinsics', intrinsics, permitted);
		} finally {
		if (groupStarted) {
		// eslint-disable-next-line @endo/no-polymorphic-call
		console.groupEnd();
		}
		}
		// Start path with 'intrinsics' to clarify that properties are not
		// removed from the global object by the permitting operation.
		visitProperties('intrinsics', intrinsics, permitted);
		}

src/permits.js

		@@ -9,3 +9,3 @@ /* eslint-disable no-restricted-globals */
		/**
		* @file Exports {@code whitelist}, a recursively defined
		* @module Exports {@code permits}, a recursively defined
		* JSON record enumerating all intrinsics and their properties
		@@ -36,3 +36,3 @@ * according to ECMA specs.
		* Must be powerless.
		* Maps from property name to the intrinsic name in the whitelist.
		* Maps from property name to the intrinsic name in the permits.
		*/
		@@ -120,3 +120,3 @@ export const universalPropertyNames = {
		* These may provide much of the power provided by the original.
		* Maps from property name to the intrinsic name in the whitelist.
		* Maps from property name to the intrinsic name in the permits.
		*/
		@@ -131,3 +131,3 @@ export const initialGlobalPropertyNames = {
		// Omit `Symbol`, because we want the original to appear on the
		// start compartment without passing through the whitelist mechanism, since
		// start compartment without passing through the permits mechanism, since
		// we want to preserve all its properties, even if we never heard of them.
		@@ -156,3 +156,3 @@ // Symbol: '%InitialSymbol%',
		* which must therefore be powerless.
		* Maps from property name to the intrinsic name in the whitelist.
		* Maps from property name to the intrinsic name in the permits.
		*/
		@@ -176,3 +176,3 @@ export const sharedGlobalPropertyNames = {
		* of the start compartment.
		* Maps from property name to the intrinsic name in the whitelist
		* Maps from property name to the intrinsic name in the permits
		* (which is currently always the same).
		@@ -237,3 +237,3 @@ */
		* <li>A string value equal to a primitive ("number", "string", etc),
		* in which case the property is whitelisted if its value property
		* in which case the property is permitted if its value property
		* is typeof the given type. For example, {@code "Infinity"} leads to
		@@ -243,3 +243,3 @@ * "number" and property values that fail {@code typeof "number"}.
		* <li>A string value equal to an intinsic name ("ObjectPrototype",
		* "Array", etc), in which case the property whitelisted if its
		* "Array", etc), in which case the property permitted if its
		* value property is equal to the value of the corresponfing
		@@ -250,3 +250,3 @@ * intrinsics. For example, {@code Map.prototype} leads to
		* <li>Another record, in which case this property is simply
		* whitelisted and that next record represents the disposition of
		* permitted and that next record represents the disposition of
		* the object which is its value. For example, {@code "Object"}
		@@ -1508,3 +1508,3 @@ * leads to another record explaining what properties {@code
		// Promise.delegate and put static methods on it, which will necessitate
		// another whitelist change to update to the current proposed standard.
		// another permits change to update to the current proposed standard.
		HandledPromise: {
		@@ -1562,2 +1562,4 @@ '[[Proto]]': 'Promise',
		'@@species': getter,
		// https://github.com/tc39/proposal-promise-try
		try: fn,
		},
		@@ -1564,0 +1566,0 @@

src/tame-symbol-constructor.js

		@@ -19,4 +19,4 @@ import {
		* Starting these properties as configurable assumes two succeeding phases of
		* processing: A whitelisting phase, that
		* removes all properties not on the whitelist (which requires them to be
		* processing: A permit enforcement phase, that
		* removes all properties not on the permits (which requires them to be
		* configurable) and a global hardening step that freezes all primordials,
		@@ -23,0 +23,0 @@ * returning these properties to their expected non-configurable status.

types.d.ts

		/**
		* @file Types of the SES environment
		* @module Types of the SES environment
		*/
		@@ -27,2 +27,3 @@
		errorTrapping?: 'platform' \| 'exit' \| 'abort' \| 'report' \| 'none';
		reporting?: 'platform' \| 'console' \| 'none';
		unhandledRejectionTrapping?: 'report' \| 'none';
		@@ -29,0 +30,0 @@ errorTaming?: 'safe' \| 'unsafe' \| 'unsafe-debug';

dist/lockdown.cjs