Geek Answers Handbook

Sandboxes for Node.js

I am a complete Node noob, so I apologize if this question has an obvious answer.

I am looking to create a web application that will run plugins from untrusted sources (i.e. community views). Therefore, I need to block these plugins in the sandbox, where only certain access is allowed (it is impossible to write to disk, etc.). Ideally, a plugin could only use certain approved Node packages and interfaces.

Is this possible in Node? If so, can you point me to a package or documentation that will help me get started?

+7
source share
2 answers

Here is a short list of projects that can help you:

https://github.com/gf3/sandbox

https://github.com/hflw/node-sandbox

https://github.com/bcoe/sandcastle

https://github.com/wearefractal/boxy

I suggest the first one ( http://gf3.imtqy.com/sandbox/ ) as it is more mature.

+3
source

I would also contribute to the list with my library: https://github.com/asvd/jailed . In addition to the sandbox of untrusted code (in a limited subprocess), it makes it possible to export any set of functions inside the sandbox, thereby defining a user API for isolated code.

+1
source

More articles:


All Articles