snow
vm2
snow | vm2 | |
---|---|---|
1 | 14 | |
106 | 3,887 | |
0.9% | - | |
4.6 | 0.0 | |
3 months ago | 5 months ago | |
JavaScript | JavaScript | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
snow
vm2
- Vm2 discontinued due to unfixable security issues
- VM2 (Puppeteer Dependency) Is Deprecated Due to Critical Security Issues
- NPM package vm2 is no longer secure
-
CVE-2023-29017 / Query Help
Sandbox Escape · Advisory · patriksimek/vm2 · GitHub
- Sandbox Escape in VM2 - designed to run untrusted code in an isolated context on Node.js servers - used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various JavaScript-related products
- Does reinitializing a new vm cause memory leak when using vm2?
- Is there a way to destroy the vm when using vm2?
-
What is the purpose of 'vm' module?
There are projects like vm2 based on vm, but they seem to be offer best-effort solutions for avoiding frequently discovered vulnerabilities, and cannot guarantee safety in general.
-
[AskJS] How to security test JS playground?
Here is link number 1 - Previous text "vm2"
-
Run untrusted code in sandbox
Something like this? https://github.com/patriksimek/vm2
What are some alternatives?
react-frame-component - Render your React app to an iFrame
deno - A modern runtime for JavaScript and TypeScript.
KeeWeb - Free cross-platform password manager compatible with KeePass
JS-Interpreter - A sandboxed JavaScript interpreter in JavaScript.
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
TypeScript - TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
CORSflare - A lightweight JavaScript CORS Reverse Proxy designed to run in a Cloudflare Worker.
jk - Configuration as Code with ECMAScript
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
rfcs - Public change requests/proposals & ideation
sablejs - 🏖️ The safer and faster ECMA5.1 interpreter written by JavaScript
starlark-rust - A Rust implementation of the Starlark language