dukpy
binjs-ref
dukpy | binjs-ref | |
---|---|---|
4 | 1 | |
452 | 427 | |
- | 0.0% | |
5.7 | 0.0 | |
about 2 months ago | almost 3 years ago | |
JavaScript | Rust | |
MIT License | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
dukpy
- YouTube-dl has a JavaScript interpreter written in 870 lines of Python
-
Python is in the browser. No idea if this will lead to chaos or harmony...
oh good, maybe we can now use python's javascript interpreter in browsers https://github.com/amol-/dukpy
-
Web Browser Engineering
I was interested to see that this uses the DukPy wrapper around Duktape for the JavaScript interpreter: https://browser.engineering/scripts.html
This made me start digging into whether this was considered a "safe" way of executing untrusted JavaScript in a sandbox.
its not completely clear to me if DukPy currently attempts safe evaluation - it's missing options for setting time or memory limits on executed code for example: https://github.com/amol-/dukpy
There's a QuickJS Python wrapper here which offers those limits: https://github.com/PetterS/quickjs
I'm pretty paranoid though any time it comes to security and dependencies written in C, so I'd love to see a Python wrapper around a JavaScript engine that has safe sandbox execution as a key goal plus an extensive track record to back it up!
-
My friend thought that 1 is a string in Python
I didn't write it, but here you go. Thanks to the fact that you can pass Python arguments to the JavaScript function, it will nicely cast them for you (via JSON) and make them behave per a Javascript object, which can then do some funsies to make it act like a string.
binjs-ref
-
Python is in the browser. No idea if this will lead to chaos or harmony...
There was a proposal a little while back for BinAST which gets you some of the same benefits as bytecode, but not all... mainly just reducing the parse time and maybe even allowing more pipelined evaluation. See https://github.com/binast/binjs-ref
What are some alternatives?
quickjs - Thin Python wrapper of https://bellard.org/quickjs/
esprima - ECMAScript parsing infrastructure for multipurpose analysis
jsx-control-statements - Neater If and For for React JSX
kataw - An 100% spec compliant ES2022 JavaScript toolchain
prettier - Prettier is an opinionated code formatter.
jsonpath - JsonPath engine written in Rust. Webassembly and Javascript support too
PyMiniRacer - PyMiniRacer is a V8 bridge in Python.
hex - A user-friendly re-implementation of existing hex tools in Rust
pyodide - Pyodide is a Python distribution for the browser and Node.js based on WebAssembly
vado - A demo web browser engine written in Haskell
swc - Rust-based platform for the Web