Narwhals Prolong Mischief

    value-censorship

    2.0.0 • Public • Published

    value-censorship

    This is a way to run untrusted code by censoring every value that's ever called or passed to a function call. It also prevents from using catch statements (try...finally is still allowed). If your untrusted code can't call unsafe functions, there's not much it can do. Uses VM2 internally.

    Since it censors practically every possibility of breaking out of the VM, it's an effective way to secure unsafe code especially since it runs under VM2.

    Example

    const censor = require('value-censorship')
     
    censor(`
      global["eva" + "l"]("42")  // Throws CensorStop error
      global["Functio" + "n"]("42")  // Throws CensorStop error
      new (function(){}.constructor)("42")  // Throws CensorStop error
    `)
     
    censor(legitCode, { giveThisFunctionToTheCode: () => null })

    Keywords

    none

    Install

    npm i value-censorship

    DownloadsWeekly Downloads

    3

    Version

    2.0.0

    License

    ISC

    Unpacked Size

    6.53 kB

    Total Files

    6

    Last publish

    Collaborators

    • fabiosantoscode