vee-eight

Safely execute arbitrary untrusted JavaScript from nodejs. This module implements a lightweight isolated JavaScript environment that can be used to run any code without being able to escape the sandbox. The V8 context is initialized and executed entirely from C++ so it's impossible for the JS stack frames to lead back to the nodejs environment. It's usable from a nodejs process, but the JS environment is pure V8.

See example.js for usage

Installation

npm install vee-eight

Once installed, import it into your module via:

const VeeEight = require('vee-eight').VeeEight

API

Initialize a new VeeEight instance:

const v8 = new VeeEight()

Use execute(code) to run the specified code block:

v8.execute("1+2")
// #=> 3

State will be preserved between function calls:

v8.execute("var = 42")
v8.execute("var")
// # => 42

To clear the context invoke reset():

v8.reset()
v8.execute("var")
// # => ReferenceError: s is not defined

To limit long running operations, set a timeout with: timeout(milliseconds):

v8.timeout(1000) // 1 second timeout
v8.execute("while(true){}")
// # => timed out

License

vee-eight is licensed under The MIT License