Skip to main content
Module

x/enzastdlib/realm/realm.ts>Realm

enzastdlib is a set of TypeScript modules that follow a common design API philosophy aiming at sane defaults and ease-of-use targeting the Deno TypeScript runtime.
novacbn/enzastdlib
Latest
interface Realm
import { type Realm } from "https://deno.land/x/enzastdlib@v0.0.4/realm/realm.ts";

Represents a custom JavaScript / TypeScript execution environment that can run code within a sandbox.

Properties

readonly
importModule: <Exports = unknown>(specifier: string | URL) => Promise<Exports>

Imports a module from the file system to be evaluated in the Realm's execution environment.

NOTE: Imported modules can import modules relative to themselves or to RealmOptions.cwd via absolute imports.

WARNING: Code is transpiled into JavaScript before being ran. This means type checking is never performed. That must happen through CLI / CI steps. Also means stacktraces will be mangled.

WARNING: While you can control the environment through RealmOptions, you cannot control compute and resource usage of evaluated code. For instance evaluated code can have while (true) {} to lock up the current process.

WARNING: While you can control the environment through RealmOptions, this does not guarantee the sandbox cannot be escaped through APIs you expose or exploits in the V8 JavaScript engine.

RECOMMENDATION: If you require a greater degree of security for sandboxing untrusted code then run the Realm in a Worker with limited permissions that communicates via IPC with the main process for functionality. And / or use tools provided in your operating system's ecosystem to further lock down attack surface.