Description
process.binding('util') has been some kind of hotch-potch of "bindings the JS internals need but don't fall in the scope of a particular binding namespace". There is no compatibility guarantee about what's in this object and changes to it are completely at the whims of Node.js maintainers.
However process.binding('util') has been accessible in the user land and is abused by users (refs: #29947 (comment) - considering how volatile it is, when touching this binding I had always been wondering if anyone actually abuses this, until I saw the issue). I propose we try creating a new, internal namespace (that is, a namespace that's not in the whitelist here) and try moving everything away to that internal namespace to reduce the abuse.
On a side note, I think there should be a comment in node_utils.cc warning that any additions to the binding is at the risk of user-land abuse.