UNPKG

postman-sandbox

Version:

Sandbox for Postman Scripts to run in Node.js or browser

github.com/postmanlabs/postman-sandbox

postmanlabs/postman-sandbox

171 lines (144 loc) 6.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
const _ = require('lodash'), { minify } = require('terser'), bundlingOptions = require('./bundling-options'), PREFER_BUILTIN = 'preferBuiltin', /** * To unite components of path in holy matrimony! * * @return {String} */ pathJoin = function () { return Array.prototype.join.call(arguments, '/').replace(/\/{1,}/g, '/'); }; let browserify, // loaded inside try-catch browserifyBuiltins; // loaded inside try-catch // The modules for browserification should only be required during development of this module and as such a production // installation should not even trigger require of this module. But in case it does, let's make the error message a bit // more consumable. try { browserify = require('browserify'); browserifyBuiltins = require('browserify/lib/builtins'); } catch (e) { console && console.error('sandbox: bundling triggered in production module installation mode'); throw e; } class Bundle { /** * Create a bundle from an options template * * @param {Object} options - * @param {Object} options.files - * @param {Object.<Object>} options.require - * @param {Boolean} options.require.global - * @param {Boolean} options.require.preferBuiltin - * @param {String} options.require.resolve - * @param {String} options.require.expose - * @param {Boolean|Object} options.compress - * @param {Array.<String>} options.ignore - * @param {Object=} [options.bundler] - */ constructor (options) { /** * @private * @type {Browserify} */ this.bundler = browserify({ ...bundlingOptions, ...options.bundler }); // merge with user options /** * @private * @type {Boolean} */ this.compress = options.compress; this.preferBrowserResolver = options.preferBrowserResolver; // process any list of modules externally required and also accommodate the use of built-ins if needed _.forEach(options.require, (options, resolve) => { // allow resolution override where the required module is resolved // from a different name than the one provided in options if (this.preferBrowserResolver && options.resolveBrowser) { resolve = options.resolveBrowser; } else if (options.resolve) { resolve = options.resolve; } // set the name using which the module is exported to the one marked as the module name (only in case when // one is not explicitly provided in options.) !options.expose && (options.expose = resolve); if (_.get(options, PREFER_BUILTIN) && _.has(browserifyBuiltins, resolve)) { // @todo: add tests this.bundler.require(browserifyBuiltins[resolve], options); } else { this.bundler.require(require.resolve(resolve), options); // @todo: add tests for resolve failures } }); // ignore the items mentioned in ignore list _.forEach(options.ignore, this.bundler.ignore.bind(this.bundler)); // add files that are needed _.forEach(options.files, (options, file) => { this.bundler.add(pathJoin(__dirname, file), options); }); } compile (done) { this.bundler.bundle((err, bundle) => { if (err) { return done(err); } // Scrub process object to prevent access to native backdoors const scrubProcess = ` if (typeof process !== 'undefined') { const propsToDel = ['binding', '_linkedBinding', 'dlopen', 'getBuiltinModule']; for (const key of propsToDel) { delete process[key]; } } `, // Expose only the required node built-ins to be used in vendor modules // These will be cleared out by sandbox when the bundle is loaded safeExposeBuiltIns = ` if (typeof require === 'function') { globalThis._nodeRequires = { buffer: require('buffer') }; // prevent access to node's require function require = null; } `, bundleString = scrubProcess + safeExposeBuiltIns + bundle.toString(); // bail out if compression is disabled if (!this.compress) { return done(null, bundleString); } minify(bundleString, { compress: { drop_console: true // discard calls to console.* functions }, mangle: true, // Mangle names safari10: true, // Work around the Safari 10/11 await bug (bugs.webkit.org/show_bug.cgi?id=176685) keep_fnames: /Postman.*/, // Prevent discarding or mangling of function names like "Postman*" keep_classnames: /Postman.*/, // Prevent discarding or mangling of class names like "Postman*" format: { comments: false // Omit comments in the output // @note ascii_only is disabled since postman-sandbox v4 // ascii_only: true, // Unicode characters in strings and regexps } }).then(({ code }) => { done(null, code); }).catch(done); }); } /** * Allows one to fetch a list of dependencies required by the bundle * * @param {Function} done - receives err, dependencies:Array */ listDependencies (done) { const dependencies = [], addPackageToDependencies = function (pkg) { dependencies.push(pkg.name); }; this.bundler.on('package', addPackageToDependencies); this.compile((err) => { this.bundler.removeListener('package', addPackageToDependencies); return done(err, _.uniq(dependencies).sort()); }); } static load (options) { return new Bundle(options); } } module.exports = Bundle;