Hey, thank you for making it open source
I am very curious about isolated-vm
You mentioned isolated-vm is better than instantiating new processes and
sandboxing inside the main process. vm2 is popular for these use cases but
there is one more problem with vm2
error handling is not isolated for unhandled promises you will have to
catch error by process.('onUnhandledRejection', callback) which can't tell
which sandbox threw that error
How isolated-vm overcomes these shortcomings?
On Tuesday, March 6, 2018 at 2:09:09 AM UTC+5:30, mar...@laverdet.com wrote:
>
> Hi everyone, I wanted to post a note about a module I've been tinkering
> with for a while. It gives you the ability to create isolated JavaScript
> environments in a nodejs application. You can use this to securely run
> untrusted code with strict limits on memory and CPU time usage.
> Additionally, this gives you the capability to run JS code in parallel in
> multiple threads in the same process.
>
> Currently the only way to run untrusted code securely is to make a new
> process for your sandboxed code. This can be cumbersome to manage if you
> need to run a lot of sandboxes at the same time. There are also some
> solutions which will run the untrusted code within one nodejs process, but
> your code will end up sharing memory and garbage collection with the
> untrusted code which is no good. And all existing nodejs-based solutions
> rely heavily on proxied objects to keep untrusted code away from the
> powerful nodejs `require` function. isolated-vm starts from a fresh v8
> isolate and lets you build an environment for the untrusted code from
> scratch.
>
> I originally wrote this module for Screeps [https://screeps.com/] which
> is a massively-multiplayer online JS game. Screeps has the unique
> requirement of needing to run hundreds of persistent sandboxes for
> player-submitted code. They're currently running this module in production
> with promising results.
>
> A new startup fly.io [https://fly.io/] is also using this module to edge
> cache middleware. Their use case is a little different from Screeps, as
> each request to a middleware endpoint will use a fresh JS context, whereas
> Screeps tends to leave contexts alive for days at a time.
>
> Anyway if this is interesting to you please check it out on github:
> https://github.com/laverdet/isolated-vm or `npm install isolated-vm`.
> Note you will need a C++ compiler installed to build the project,
> instructions are available at https://github.com/nodejs/node-gyp . Also
> note that this is targeting nodejs version 8.
>
--
Job board: http://jobs.nodejs.org/
New group rules:
https://gist.github.com/othiym23/9886289#file-moderation-policy-md
Old group rules:
https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
---
You received this message because you are subscribed to the Google Groups
"nodejs" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to nodejs+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/nodejs/d7b4306f-5464-4fc1-88a0-28b87e5994eco%40googlegroups.com.
