Hi everyone, I wanted to post a note about a module I've been tinkering with for a while. It gives you the ability to create isolated JavaScript environments in a nodejs application. You can use this to securely run untrusted code with strict limits on memory and CPU time usage. Additionally, this gives you the capability to run JS code in parallel in multiple threads in the same process.
Currently the only way to run untrusted code securely is to make a new process for your sandboxed code. This can be cumbersome to manage if you need to run a lot of sandboxes at the same time. There are also some solutions which will run the untrusted code within one nodejs process, but your code will end up sharing memory and garbage collection with the untrusted code which is no good. And all existing nodejs-based solutions rely heavily on proxied objects to keep untrusted code away from the powerful nodejs `require` function. isolated-vm starts from a fresh v8 isolate and lets you build an environment for the untrusted code from scratch. I originally wrote this module for Screeps [https://screeps.com/] which is a massively-multiplayer online JS game. Screeps has the unique requirement of needing to run hundreds of persistent sandboxes for player-submitted code. They're currently running this module in production with promising results. A new startup fly.io [https://fly.io/] is also using this module to edge cache middleware. Their use case is a little different from Screeps, as each request to a middleware endpoint will use a fresh JS context, whereas Screeps tends to leave contexts alive for days at a time. Anyway if this is interesting to you please check it out on github: https://github.com/laverdet/isolated-vm or `npm install isolated-vm`. Note you will need a C++ compiler installed to build the project, instructions are available at https://github.com/nodejs/node-gyp . Also note that this is targeting nodejs version 8. -- Job board: http://jobs.nodejs.org/ New group rules: https://gist.github.com/othiym23/9886289#file-moderation-policy-md Old group rules: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines --- You received this message because you are subscribed to the Google Groups "nodejs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/nodejs/9805829a-c9b8-4d64-a0d9-edd58563e4b0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
