vm2
eps
vm2 | eps | |
---|---|---|
14 | 1 | |
3,826 | 12 | |
- | - | |
4.5 | 0.0 | |
about 2 months ago | about 1 year ago | |
JavaScript | Go | |
MIT License | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
vm2
- Vm2 discontinued due to unfixable security issues
- VM2 (Puppeteer Dependency) Is Deprecated Due to Critical Security Issues
- NPM package vm2 is no longer secure
-
CVE-2023-29017 / Query Help
Sandbox Escape · Advisory · patriksimek/vm2 · GitHub
- Sandbox Escape in VM2 - designed to run untrusted code in an isolated context on Node.js servers - used by integrated development environments (IDEs) and code editors, function-as-a-service (FaaS) solutions, pen-testing frameworks, security tools, and various JavaScript-related products
- Does reinitializing a new vm cause memory leak when using vm2?
- Is there a way to destroy the vm when using vm2?
-
What is the purpose of 'vm' module?
There are projects like vm2 based on vm, but they seem to be offer best-effort solutions for avoiding frequently discovered vulnerabilities, and cannot guarantee safety in general.
-
[AskJS] How to security test JS playground?
Here is link number 1 - Previous text "vm2"
-
Run untrusted code in sandbox
Something like this? https://github.com/patriksimek/vm2
eps
-
The Perfect Configuration Format? Try TypeScript
I think parsing YAML or JSON into typed structures is the easier way to go. I e.g. do that in Golang using a little form validation and coercion library I've written. The end result is a nested, strongly typed data structure. Here's an example: https://github.com/iris-connect/eps/blob/master/settings.go (the accompanying form validation configuration: https://github.com/iris-connect/eps/blob/master/forms/settin...)
In my experience, a lot of the validation needs to be done at runtime anyway as type checking alone won't allow you to e.g. validate if a string is a valid regular expression. Also, I think using TypeScript for configuration requires you to compile & interpret the configuration file in order to check it and obtain the data values. Not sure if I like that as it requires bundling the Typescript compiler with your program.
What are some alternatives?
deno - A modern runtime for JavaScript and TypeScript.
dhall-lang - Maintainable configuration files
TypeScript - TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
dxcfg - Configuration as code for the masses
JS-Interpreter - A sandboxed JavaScript interpreter in JavaScript.
node-config - Node.js Application Configuration
jk - Configuration as Code with ECMAScript
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
rfcs - Public change requests/proposals & ideation