UNPKG

quarantiner

Version:

A script isolator that runs scripts inside a sandbox iframe

57 lines (40 loc) 2.23 kB
# Quarantiner [![Build Status](https://github.com/asmblah/quarantiner/workflows/CI/badge.svg)](https://github.com/asmblah/quarantiner/actions?query=workflow%3ACI) [EXPERIMENTAL] Isolates scripts that may modify prototypes by running them inside an `<iframe>` realm. ## What is it? This is **not** a security-focused sandbox. It is expected (for now) that a script will be able to escape the sandbox if intentional. The main purpose of this sandbox is to provide a _lightweight_ isolated script environment (realm) so that incompatible or badly-behaving scripts that modify global objects or global prototypes can be isolated enough from each other to function together. ## Recommended usage It is recommended that you use this alongside a bundler, e.g. via the [Rollup plugin rollup-plugin-sandbox][rollup-plugin-sandbox]. ## Alternative usage (if requiring directly) ```shell $ npm i quarantiner ``` ### Global API A global object `quarantiner` will be installed, which is actually defined by the UMD build for this library. #### Methods of the `quarantiner` global: - `quarantiner.quarantine(...)`: ``` quarantiner.quarantine( wrapper: WrapperFunction, config: ConfigOptions = { globals: {}, sandbox: 'default' } ): Promise<void> ``` - `wrapper`: a function that defines a script to be executed inside the sandbox realm. - `config`: an optional configuration object: - `config.globals`: globals that are expected to be defined by the script, that should then be defined as globals on the main window/global object. Example: `{ myGlobal: { type: 'function' } }` - `config.sandbox`: name of the sandbox to execute the script inside. any scripts that specify the same sandbox name will be run inside the same sandbox. - `quarantiner.getSandbox(name: string = 'default'): Promise<Sandbox>`: Allows fetching the `Sandbox` instance for a declared sandbox. ## See also - [rollup-plugin-sandbox][rollup-plugin-sandbox], a [Rollup][Rollup] plugin which uses this library. [Rollup]: https://rollupjs.org/ [rollup-plugin-sandbox]: https://github.com/asmblah/rollup-plugin-sandbox