UNPKG

@sebastianwessel/quickjs

Version:

A typescript package to execute JavaScript and TypeScript code in a WebAssembly QuickJS sandbox

github.com/sebastianwessel/quickjs

sebastianwessel/quickjs

94 lines (64 loc) 3.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# QuickJS - Execute JavaScript and TypeScript in a WebAssembly QuickJS Sandbox This TypeScript package allows you to safely execute **JavaScript AND TypeScript code** within a WebAssembly sandbox using the QuickJS engine. Perfect for isolating and running untrusted code securely, it leverages the lightweight and fast QuickJS engine compiled to WebAssembly, providing a robust environment for code execution. **[View the full documentation](https://sebastianwessel.github.io/quickjs/)** | **[Find examples in the repository](https://github.com/sebastianwessel/quickjs/tree/main/example)** | **[Online Playground](https://sebastianwessel.github.io/quickjs/playground.html)** ## Features - **Security**: Run untrusted JavaScript and TypeScript code in a safe, isolated environment. - **Basic Node.js modules**: Provides basic standard Node.js module support for common use cases. - **File System**: Can mount a virtual file system. - **Custom Node Modules**: Custom node modules are mountable. - **Fetch Client**: Can provide a fetch client to make http(s) calls. - **Test-Runner**: Includes a test runner and chai based `expect`. - **Performance**: Benefit from the lightweight and efficient QuickJS engine. - **Versatility**: Easily integrate with existing TypeScript projects. - **Simplicity**: User-friendly API for executing and managing JavaScript and TypeScript code in the sandbox. ## Basic Usage Here's a simple example of how to use the package: ```typescript import variant from "@jitl/quickjs-ng-wasmfile-release-sync"; import { type SandboxOptions, loadQuickJs } from "@sebastianwessel/quickjs"; // General setup like loading and init of the QuickJS wasm // It is a ressource intensive job and should be done only once if possible const { runSandboxed } = await loadQuickJs(variant); const options: SandboxOptions = { allowFetch: true, // inject fetch and allow the code to fetch data allowFs: true, // mount a virtual file system and provide node:fs module env: { MY_ENV_VAR: "env var value", }, }; const code = ` import { join } from 'path' const fn = async ()=>{ console.log(join('src','dist')) // logs "src/dist" on host system console.log(env.MY_ENV_VAR) // logs "env var value" on host system const url = new URL('https://example.com') const f = await fetch(url) return f.text() } export default await fn() `; const result = await runSandboxed( async ({ evalCode }) => evalCode(code), options, ); console.log(result); // { ok: true, data: '<!doctype html>\n<html>\n[....]</html>\n' } ``` **[View the full documentation](https://sebastianwessel.github.io/quickjs/)** **[Find examples in the repository](https://github.com/sebastianwessel/quickjs/tree/main/example)** ## Credits This lib is based on: - [quickjs-emscripten](https://github.com/justjake/quickjs-emscripten) - [quickjs-emscripten-sync](https://github.com/reearth/quickjs-emscripten-sync) - [memfs](https://github.com/streamich/memfs) - [Chai](https://www.chaijs.com) Tools used: - [Bun](https://bun.sh) - [Biome](https://biomejs.dev) - [Hono](https://hono.dev) - [poolifier-web-worker](https://github.com/poolifier/poolifier-web-worker) - [tshy](https://github.com/isaacs/tshy) - [autocannon](https://github.com/mcollina/autocannon) ## License This project is licensed under the MIT License. --- This package is ideal for developers looking to execute JavaScript code securely within a TypeScript application, ensuring both performance and safety with the QuickJS WebAssembly sandbox.