
`lavamoat` is a Node.js runtime where modules are defined in SES Compartments. It aims to reduce the risk posed by malicious code in the app's dependency graph, a class of attack known as "software supply chain attacks".

const vm = require('node:vm')
const { getSesShimSrc } = require('lavamoat-core/src/generateKernel')

module.exports = { createFreshRealmCompartment }

// Source text of the SES shim, fetched once and reused for every new realm.
let sesCompartmentSrc

/**
 * Creates a brand-new `vm` context (a separate realm), evaluates the SES shim
 * inside it and returns a `Compartment` instance constructed in that realm.
 *
 * Security notes for callers:
 * - Node's `vm` module is documented as not being a security mechanism; the
 *   fresh context gives a separate set of intrinsics, not a sandbox on its own.
 * - The shim is evaluated here without `lockdown()` being called, so the new
 *   realm's intrinsics are presumably left unfrozen. Do not treat the returned
 *   compartment as hardened by this function alone; confirm against callers.
 * - The returned object originates in another realm, so identity-based checks
 *   such as `instanceof` against host-realm constructors will not match.
 *
 * @returns {object} a `Compartment` instance created inside the new realm
 */
function createFreshRealmCompartment() {
  // Fetch the shim source on first use only; later calls reuse the cached text.
  sesCompartmentSrc = sesCompartmentSrc || getSesShimSrc()

  // A fresh context is a distinct realm with its own global object.
  const realmGlobal = vm.createContext()

  // Where the realm has no `globalThis`, install one as a self-reference so
  // the code evaluated below can rely on it.
  const lacksGlobalThis = vm.runInContext(
    'typeof globalThis === "undefined"',
    realmGlobal
  )
  if (lacksGlobalThis) {
    realmGlobal.globalThis = realmGlobal
  }

  // Evaluate the SES shim in the new realm; lockdown is deliberately not called.
  vm.runInContext(sesCompartmentSrc, realmGlobal)

  // Construct the Compartment inside the other realm and hand it to the caller.
  return vm.runInContext('new Compartment()', realmGlobal)
}