Package Exports
- v8-sandbox
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (v8-sandbox) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
v8-sandbox
Safely execute arbitrary untrusted Javascript. This module implements a hermetically sealed Javascript environment that can be used to run any Javascript code without being able to escape the sandbox. V8 is initialized and executed entirely from C++ so it's impossible for the JS stack frames to lead back to the nodejs environment. It's usable from a nodejs process, but the JS environment is pure V8 ECMA-262.
Installation
npm install v8-sandboxAPI
import Sandbox from 'v8-sandbox';
const sandbox = new Sandbox();
const js = `
// arbitrary JS, call setResult to set the final result of the script to accommodate async code
setResult({value: 1});
`;
sandbox.execute(js, 3000, (err, value) => {
console.log(value);
});import Sandbox from 'v8-sandbox';
const sandbox = new Sandbox();
const js = `
while (true) {}
`;
sandbox.execute(js, 3000, (err, value) => {
// timeout
console.log(err.isTimeout);
});