TypeScript eval

Open-source TypeScript projects categorized as eval
Edit details
Topics: JavaScript Security Plugins NodeJS ES6
The modern identity platform for B2B SaaS
The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
workos.com
Sponsored

TypeScript eval Projects

  • quickjs-emscripten

    Safely execute untrusted Javascript in your Javascript, and execute synchronous code that uses async functions

    • Project mention: New QuickJS Release | news.ycombinator.com | 2023-12-09

    Based on your comment below I think you figured out the difference - but if you're looking to execute JS, you can pick between ShadowRealm (where available, or using a polyfill) or my library quickjs-emscripten.

    Pros of quickjs-emscripten over ShadowRealm:

    - You can use quickjs today in any browser with WASM. ShadowRealm isn't available yet, and polyfills have had security issues in the past. See https://www.figma.com/blog/an-update-on-plugin-security/

    - In ShadowRealm eval, untrusted code can consume arbitrary CPU cycles. With QuickJS, you can control the CPU time used during an `eval` using an [interrupt handler] that's called periodically during the eval.

    - In ShadowRealm eval, untrusted code can allocate arbitrary amounts of memory. With QuickJS, you can control both the [stack size] and the [heap size] available inside the runtime.

    - quickjs-emscripten can do interesting things with custom module loaders and facades that allow synchronous code inside the runtime to call async code on the host.

    Pros of ShadowRealm over QuickJS:

    - ShadowRealm will (presumably?) execute code using your native runtime, probably v8, JavaScriptCore, or SpiderMonkey. Quickjs is orders of magnitude slower than JIT'd javascript performance of v8 etc. It's also slower than v8/JSC's interpreters, although not by a huge amount. See [benchmarks] from 2019.

    - You can easily call and pass values to ShadowRealm imported functions. Talking to quickjs-emscripten guest code requires a lot of fiddly and manual object building.

    - Overall the quickjs(-emscripten) API is verbose, and requires manual memory management of references to values inside the quickjs runtime.

    [interrupt handler]: https://github.com/justjake/quickjs-emscripten/blob/main/doc...

    [stack size]: https://github.com/justjake/quickjs-emscripten/blob/main/doc...

    [heap size]: https://github.com/justjake/quickjs-emscripten/blob/main/doc...

    [benchmarks]: https://bellard.org/quickjs/bench.html

  • run

    Safely execute untrusted code with ESM syntax support, dynamic injection of ESM modules from URL or plain JS code, and granular access control based on whitelisting for each JS object. (by initminal)

  • SurveyJS

    Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

    SurveyJS logo
NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020).

TypeScript eval related posts

Index

Project Stars
1 quickjs-emscripten 1,122
2 run 26

Sponsored
Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com