A node security policy is similar in concept to a CSP.
{
"sha384-...": { // <- this is the hash of a source (which self describes its hashing algorithm)
fs: [ // <- this is an "entitlement", it's a whitelist (an array of objects)
{
path: "/home/alice/**/*", // <- this is a "resource" (a filesystem path)