Policy-restricted modules can escalate to higher privileges by impersonating other modules in a policy list using module.constructor.createRequire()