easy-vm
is a simple Node.js library which helps with running securely untrusted code with whitelisted Node modules.
$ npm install easy-vm
const EasyVM = require('easy-vm');
const vm = new EasyVM({
console: true,
sandbox: {
test: 'A test variable'
},
require: {
builtin: ['fs'],
mock: {
fs: {
readFile: (path: string) => {
console.log("Nice try!");
}
}
}
}
});
vm.run(`
const fs = require('fs');
fs.readFile(''); // Outputs: Nice try!
console.log(test); // Outputs: A test variable
`);
An EasyVM
can be used to create a sandbox.
options
VMOptionsconsole
boolean - Whether to enable console in the sandbox or not.sandbox
object - A global object in VMrequire
VMRequireOptions | false - False to disable require or object to enable require with options.builtin
string[] - Array of allowed builtin modules, Use['*']
to accept all.mock
object - Collection of mocked Node modules.
EasyVM.run(code, filename)
code
stringfilename
string (optional) - Path to which Node'srequire()
relates.