import { type Realm } from "https://deno.land/x/enzastdlib@v0.0.4/realm/realm.ts";
Represents a custom JavaScript / TypeScript execution environment that can run code within a sandbox.
Properties
Imports a module from the file system to be evaluated in the Realm
's
execution environment.
NOTE: Imported modules can import modules relative to themselves or to
RealmOptions.cwd
via absolute imports.
WARNING: Code is transpiled into JavaScript before being ran. This means type checking is never performed. That must happen through CLI / CI steps. Also means stacktraces will be mangled.
WARNING: While you can control the environment through
RealmOptions
, you cannot control compute and resource usage of evaluated code. For instance evaluated code can havewhile (true) {}
to lock up the current process.
WARNING: While you can control the environment through
RealmOptions
, this does not guarantee the sandbox cannot be escaped through APIs you expose or exploits in the V8 JavaScript engine.
RECOMMENDATION: If you require a greater degree of security for sandboxing untrusted code then run the
Realm
in aWorker
with limited permissions that communicates via IPC with the main process for functionality. And / or use tools provided in your operating system's ecosystem to further lock down attack surface.