UNPKG

deno-vm

Version:

A VM module that provides a secure runtime environment via Deno.

github.com/casual-simulation/node-deno-vm

casual-simulation/node-deno-vm

263 lines (262 loc) 8.78 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
/// <reference types="node" /> import { SpawnOptions } from 'child_process'; import { URL } from 'url'; import { OnMessageListener, MessageEvent, Transferrable, OnExitListener } from './MessageTarget'; import { Readable } from 'stream'; export interface DenoWorkerOptions { /** * The path to the executable that should be use when spawning the subprocess. * Defaults to "deno". */ denoExecutable: string; /** * The path to the script that should be used to bootstrap the worker environment in Deno. * If specified, this script will be used instead of the default bootstrap script. * Only advanced users should set this. */ denoBootstrapScriptPath: string; /** * Whether to reload scripts. * If given a list of strings then only the specified URLs will be reloaded. * Defaults to false when NODE_ENV is set to "production" and true otherwise. */ reload: boolean | string[]; /** * Whether to log stdout from the worker. * Defaults to true. */ logStdout: boolean; /** * Whether to log stderr from the worker. * Defaults to true. */ logStderr: boolean; /** * Whether to use Deno's unstable features */ denoUnstable: boolean | { /** * Enable unstable bare node builtins feature */ bareNodeBuiltins?: boolean; /** * Enable unstable 'bring your own node_modules' feature */ byonm?: boolean; /** * Enable unstable resolving of specifiers by extension probing, * .js to .ts, and directory probing. */ sloppyImports?: boolean; /** * Enable unstable `BroadcastChannel` API */ broadcastChannel?: boolean; /** * Enable unstable Deno.cron API */ cron?: boolean; /** * Enable unstable FFI APIs */ ffi?: boolean; /** * Enable unstable file system APIs */ fs?: boolean; /** * Enable unstable HTTP APIs */ http?: boolean; /** * Enable unstable Key-Value store APIs */ kv?: boolean; /** * Enable unstable net APIs */ net?: boolean; /** * Enable unstable Temporal API */ temporal?: boolean; /** * Enable unsafe __proto__ support. This is a security risk. */ unsafeProto?: boolean; /** * Enable unstable `WebGPU` API */ webgpu?: boolean; /** * Enable unstable Web Worker APIs */ workerOptions?: boolean; }; /** * V8 flags to be set when starting Deno */ denoV8Flags: string[]; /** * Path where deno can find an import map */ denoImportMapPath: string; /** * Path where deno can find a lock file */ denoLockFilePath: string; /** * Whether to disable fetching uncached dependencies */ denoCachedOnly: boolean; /** * Whether to disable typechecking when starting Deno */ denoNoCheck: boolean; /** * Allow Deno to make requests to hosts with certificate * errors. */ unsafelyIgnoreCertificateErrors: boolean; /** * Specify the --location flag, which defines location.href. * This must be a valid URL if provided. */ location: string; /** * The permissions that the Deno worker should use. */ permissions: { /** * Whether to allow all permissions. * Defaults to false. */ allowAll?: boolean; /** * Whether to allow network connnections. * If given a list of strings then only the specified origins/paths are allowed. * Defaults to false. */ allowNet?: boolean | string[]; /** * Disable network access to provided IP addresses or hostnames. Any addresses * specified here will be denied access, even if they are specified in * `allowNet`. Note that deno-vm needs a network connection between the host * and the guest, so it's not possible to fully disable network access. */ denyNet?: string[]; /** * Whether to allow reading from the filesystem. * If given a list of strings then only the specified file paths are allowed. * Defaults to false. */ allowRead?: boolean | string[]; /** * Whether to allow writing to the filesystem. * If given a list of strings then only the specified file paths are allowed. * Defaults to false. */ allowWrite?: boolean | string[]; /** * Whether to allow reading environment variables. * Defaults to false. */ allowEnv?: boolean | string[]; /** * Whether to allow running Deno plugins. * Defaults to false. */ allowPlugin?: boolean; /** * Whether to allow running subprocesses. * Defaults to false. */ allowRun?: boolean | string[]; /** * Whether to allow high resolution time measurement. * Defaults to false. */ allowHrtime?: boolean; }; /** * Options used to spawn the Deno child process */ spawnOptions: SpawnOptions; } /** * The DenoWorker class is a WebWorker-like interface for interacting with Deno. * * Because Deno is an isolated environment, this worker gives you the ability to run untrusted JavaScript code without * potentially compromising your system. */ export declare class DenoWorker { private _httpServer; private _server; private _process; private _socket; private _socketClosed; private _onmessageListeners; private _onexitListeners; private _available; private _pendingMessages; private _options; private _ports; private _terminated; private _stdout; private _stderr; /** * Creates a new DenoWorker instance and injects the given script. * @param script The JavaScript that the worker should be started with. */ constructor(script: string | URL, options?: Partial<DenoWorkerOptions>); get stdout(): Readable; get stderr(): Readable; /** * Represents an event handler for the "message" event, that is a function to be called when a message is recieved from the worker. */ onmessage: (e: MessageEvent) => void; /** * Represents an event handler for the "exit" event. That is, a function to be called when the Deno worker process is terminated. */ onexit: (code: number, signal: string) => void; /** * Sends a message to the worker. * @param data The data to be sent. Copied via the Structured Clone algorithm so circular references are supported in addition to typed arrays. * @param transfer Values that should be transferred. This should include any typed arrays that are referenced in the data. */ postMessage(data: any, transfer?: Transferrable[]): void; /** * Closes the websocket, which may allow the process to exit natually. */ closeSocket(): void; /** * Terminates the worker and cleans up unused resources. */ terminate(): void; /** * Adds the given listener for the "message" event. * @param type The type of the event. (Always "message") * @param listener The listener to add for the event. */ addEventListener(type: 'message', listener: OnMessageListener): void; /** * Adds the given listener for the "exit" event. * @param type The type of the event. (Always "exit") * @param listener The listener to add for the event. */ addEventListener(type: 'exit', listener: OnExitListener): void; /** * Removes the given listener for the "message" event. * @param type The type of the event. (Always "message") * @param listener The listener to remove for the event. */ removeEventListener(type: 'message', listener: OnMessageListener): void; /** * Removes the given listener for the "exit" event. * @param type The type of the event. (Always "exit") * @param listener The listener to remove for the event. */ removeEventListener(type: 'exit', listener: OnExitListener): void; private _postMessage; private _handleTransferrables; }