Skip to content

tomtomyang/js-worker-sandbox

BranchesTags

Repository files navigation

Lightweight JS Worker Execution Sandbox

English | 简体中文

Node.js's vm module allows us to compile and run code within V8 contexts, providing an isolated environment for code execution, also known as a "sandbox". When conducting security research or testing specific code, it's often necessary to evaluate code snippets' behavior without affecting the main system. The vm module provides an ideal environment for observing and analyzing code behavior.

Note: Since version 3.0.0, WorkerSandbox supports browser environment. This feature is still experimental and currently implemented based on iframe.

Overview

This project uses the vm module to create a JavaScript Worker execution sandbox, implementing the following features:

  • Code isolation: Execute code in an isolated context using Node.js's vm module;
  • Event-driven: Implement the Worker's fetch event handling mechanism;
  • Environment simulation: Simulate various APIs of the Worker Runtime;
  • Debugging support: Support console data printing for development and debugging;

Installation

npm i js-worker-sandbox -D

Usage

Node.js

const { WorkerSandbox } = require("js-worker-sandbox");

async function run() {
  const ws = new WorkerSandbox({
    script: `
addEventListener("fetch", (event) => {
  console.log(event.request.url);
  event.respondWith(new Response("Hello WorkerSandbox!"));
});`,
  });
  
  const res = await ws.dispatchFetch("http://localhost:8000/");
  
  console.log(await res.text());
  ws.dispose();
}

run();
const { WorkerSandbox } = require("js-worker-sandbox");

async function run() {
  const ws = new WorkerSandbox({
    script: `
addEventListener("fetch", (event) => {
  console.log(event.request.url);
  event.respondWith(new Response("Hello WorkerSandbox!"));
});`,
  });
  
  const res = await ws.dispatchFetch("http://localhost:8000/");
  
  console.log(await res.text());
  ws.dispose();
}

run();

Browser

import { WorkerSandbox } from "js-worker-sandbox/dist/broswer";

async function run() {
  const ws = new WorkerSandbox({
    script: `
addEventListener("fetch", (event) => {
  console.log(event.request.url);
  event.respondWith(new Response("Hello WorkerSandbox!"));
});`,
  });
  
  const res = await ws.dispatchFetch("http://localhost:8000/");
  
  console.log(await res.text());
  ws.dispose();
}

run();
import { WorkerSandbox } from "js-worker-sandbox/dist/broswer";

async function run() {
  const ws = new WorkerSandbox({
    script: `
addEventListener("fetch", (event) => {
  console.log(event.request.url);
  event.respondWith(new Response("Hello WorkerSandbox!"));
});`,
  });
  
  const res = await ws.dispatchFetch("http://localhost:8000/");
  
  console.log(await res.text());
  ws.dispose();
}

run();

API

WorkerSandbox

  • constructor(init): Accepts a configuration object where script is the JavaScript code to be executed;
  • dispatchFetch(url, requestInit): Simulates a fetch event, triggering event listeners;
  • dispose(): Clears all event listeners and releases resources;

About

Lightweight JS Worker Execution Sandbox

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages