jk
vm2
Our great sponsors
jk | vm2 | |
---|---|---|
9 | 14 | |
399 | 3,824 | |
0.3% | - | |
0.0 | 4.5 | |
over 1 year ago | about 1 month ago | |
Go | JavaScript | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
jk
- Jsonnet – The Data Templating Language
-
The Curse of NixOS
People have tried: https://github.com/jkcfg/jk
But yeah I agree. The thing is, if all you need is robust determinism why do you need a full functional language with currying and other complex concepts?
Google had the same problem for Bazel, and their solution (Starlark) is way easier to understand.
-
Pants vs. Bazel: Why Pants may be the right choice for your team
If I were writing a build system today (and I did just write one actually to test out some ideas) I would use Typescript for the language with something like jk to provide hermeticity. Typescript has many advantages, especially over Python, but mainly:
-
The Perfect Configuration Format? Try TypeScript
It's possible to sandbox most languages, and with some work you can probably make them deterministic too.
Here's an example: https://github.com/jkcfg/jk
That beats having to learn an entirely new language.
-
Cue: A new language for data validation
Maybe Javascript? A lot of web tools support Javascript config files. There's this nice-looking effort to provide a hermetic execution environment for them: https://github.com/jkcfg/jk and if you use Typescript you get an extremely good static type system too. Plus the language is already very well known with loads of tool support and documentation.
Definitely what I would use today.
-
What is the difference between JSON and YAML?
If you think "but I need conditionals and file inclusion and ..." then maybe consider just allowing a full programming language instead. Someone pointed me to jk which looks like it is heading in the right direction, except that it outputs YAML by default for some insane reason.
-
Boa release v0.13
You may be interested in jk. If you don't want to use a special purpose configuration language (jsonnet, cue, dhall, etc), this is a nice alternative that uses js in a hermetic runtime (but see their open issues for progress on that). They seem to also be adding native typescript support so you could even have type checking built-in.
vm2
- Vm2 discontinued due to unfixable security issues
- VM2 (Puppeteer Dependency) Is Deprecated Due to Critical Security Issues
- NPM package vm2 is no longer secure
-
CVE-2023-29017 / Query Help
Sandbox Escape · Advisory · patriksimek/vm2 · GitHub
- Sandbox Escape in VM2 - designed to run untrusted code in an isolated context on Node.js servers - used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various JavaScript-related products
- Does reinitializing a new vm cause memory leak when using vm2?
- Is there a way to destroy the vm when using vm2?
-
What is the purpose of 'vm' module?
There are projects like vm2 based on vm, but they seem to be offer best-effort solutions for avoiding frequently discovered vulnerabilities, and cannot guarantee safety in general.
-
[AskJS] How to security test JS playground?
Here is link number 1 - Previous text "vm2"
-
Run untrusted code in sandbox
Something like this? https://github.com/patriksimek/vm2
What are some alternatives?
dhall-lang - Maintainable configuration files
deno - A modern runtime for JavaScript and TypeScript.
pants - The Pants Build System
TypeScript - TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
hof - Framework that joins data models, schemas, code generation, and a task engine. Language and technology agnostic.
JS-Interpreter - A sandboxed JavaScript interpreter in JavaScript.
FlatBuffers - FlatBuffers: Memory Efficient Serialization Library
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
jsonnet - Jsonnet - The data templating language
rfcs - Public change requests/proposals & ideation
starlark-go - Starlark in Go: the Starlark configuration language, implemented in Go
sablejs - 🏖️ The safer and faster ECMA5.1 interpreter written by JavaScript