UNPKG

lavamoat

Version:

`lavamoat` is a NodeJS runtime where modules are defined in [SES][SesGithub] Compartments. It aims to reduce the risk of malicious code in the app dependency graph, known as "software supply chain attacks".

github.com/LavaMoat/lavamoat

LavaMoat/lavamoat

102 lines (93 loc) 2.91 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
/* eslint-disable no-eval */ const path = require('node:path') const fs = require('node:fs') const { loadPolicy, loadPolicyAndApplyOverrides, jsonStringifySortedPolicy, } = require('lavamoat-core') const { loadCanonicalNameMap } = require('@lavamoat/aa') const { parseForPolicy } = require('./parseForPolicy') const { createKernel } = require('./kernel') const defaults = require('./defaults') async function runLava(options) { options = Object.assign({}, defaults, options) options.projectRoot = path.resolve(options.projectRoot) options.entryPath = path.resolve(options.projectRoot, options.entryPath) options.policyPath = path.resolve(options.projectRoot, options.policyPath) options.policyOverridePath = path.resolve( options.projectRoot, options.policyOverridePath ) options.policyDebugPath = path.resolve( options.projectRoot, options.policyDebugPath ) const { entryPath: entryId, writeAutoPolicy, writeAutoPolicyDebug, writeAutoPolicyAndRun, policyPath, policyDebugPath, policyOverridePath, projectRoot, scuttleGlobalThis, debugMode, statsMode, } = options const shouldParseApplication = writeAutoPolicy || writeAutoPolicyDebug || writeAutoPolicyAndRun const shouldRunApplication = (!writeAutoPolicy && !writeAutoPolicyDebug) || writeAutoPolicyAndRun if (shouldParseApplication) { // parse mode const includeDebugInfo = Boolean(writeAutoPolicyDebug) const policyOverride = await loadPolicy({ debugMode, policyPath: policyOverridePath, }) console.warn(`LavaMoat generating policy from entry "${entryId}"...`) const policy = await parseForPolicy({ projectRoot, entryId, policyOverride, includeDebugInfo, }) // write policy debug file if (includeDebugInfo) { fs.mkdirSync(path.dirname(policyDebugPath), { recursive: true }) fs.writeFileSync(policyDebugPath, jsonStringifySortedPolicy(policy)) console.warn(`LavaMoat wrote policy debug to "${policyDebugPath}"`) } // cleanup debug info delete policy.debugInfo // write policy file fs.mkdirSync(path.dirname(policyPath), { recursive: true }) fs.writeFileSync(policyPath, jsonStringifySortedPolicy(policy)) console.warn(`LavaMoat wrote policy to "${policyPath}"`) } if (shouldRunApplication) { // execution mode const lavamoatPolicy = await loadPolicyAndApplyOverrides({ debugMode, policyPath, policyOverridePath, }) const canonicalNameMap = await loadCanonicalNameMap({ rootDir: projectRoot, includeDevDeps: true, }) const kernel = createKernel({ projectRoot, lavamoatPolicy, canonicalNameMap, scuttleGlobalThis, debugMode, statsMode, }) // run entrypoint kernel.internalRequire(entryId) } } module.exports = { runLava }