0.0.2 • Published 10 months ago

run-sandbox v0.0.2

Weekly downloads
-
License
MIT
Repository
github
Last release
10 months ago

run-sandbox

Last version Coverage Status NPM Status

Runs untrusted code in a Node.js v8 sandbox. Built on top of v8-sandbox.

Install

npm install run-sandbox --save

Usage

const runSandbox = require('run-sandbox')

/* This function will run in a sandbox, in a separate process */
const sum = runSandbox((y, z) => y + z)

/* Interact with it as usual from your main code */
const result = await sum(3, 2)

console.log(result)

You can also use `require' for external dependencies:

const isEmoji = runSandbox(emoji => {
  const isEmoji = require('is-standard-emoji')
  return isEmoji(emoji)
})

await isEmoji('🙌') // => true
await isEmoji('foo') // => false

The dependencies are bundled with the source code into a single file that is executed in the sandbox.

It's intentionally not possible to expose any Node.js objects or functions directly to the sandbox (such as process, or filesystem). This makes it slightly harder to integrate into a project, but has the benefit of guaranteed isolation.

API

runSandbox(snippet, options)

snippet

Required Type: string

The source code to run.

options

foo

Type: boolean Default: false

Lorem ipsum.

License

run-sandbox © Kiko Beats, released under the MIT License. Authored and maintained by Kiko Beats with help from contributors.

kikobeats.com · GitHub @Kiko Beats · X @Kikobeats

isolatedjavascriptjssandboxv8
acornacorn-walkensure-erroresbuildserialize-errortinyspawnv8-sandbox
0.0.1

10 months ago

0.0.2

10 months ago

0.0.0

10 months ago