serverless-runtime

v1.1.0

Published

used for running untrusted streaming JavaScript microservices

Downloads

5

Readme

serverless-runtime

Node.js module used for safely running untrusted streaming JavaScript microservices.

See also: run-remote-service module

Introduction

This module is the component which hook.io uses to execute untrusted source code in its elastic worker pool.

You are encouraged to use this module as-is, or modify it to suit your needs. If you are interested in contributing, please let us know!

Features

  • Runs untrusted JavaScript microservices in a single process
  • Services work with any Readable / Writable stream interface
  • Ships with run-service binary for running services from CLI using STDIN / STDOUT streams
  • Environments per service
  • Virtual Machines per service
  • Configurable Timeouts per service
  • Robust Error Handling ( through domains and try-catch module )

Caveats

Running untrusted JavaScript code in a safe way is a complex problem. The run-service module is only intended to isolate a small part of the entire untrusted source code execution chain.

If you intend to use this module to run untrusted source code please consider the following.

What this module does isolate

  • Service state
  • Service errors
  • Stream / Socket errors
  • Process state ( somewhat, read below)

Multiple service calls to run-service in the same process should not be able to affect the state of other services in that process. All errors that can possibly happen during the execution of a service should be trapped and isolated so that they do not affect the current process.

What this module does NOT isolate

  • Server Memory
  • Server CPU
  • Server file-system
  • Process CPU ( for now )
  • Process Memory ( for now )

run-service cannot make any guarantees about the isolation of the server or process itself. All services run in the same process will always be sharing the same process resources (memory and cpu). All services will also have default access to the server's file-system and child processes.

To ensure isolation per process, you will want to spawn a new process per service request. This can be done using the run-service binary included in this project.
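A sketch of the process-per-request pattern described above, as an added example that is not code from this project. It assumes `node -e` as a stand-in for the run-service binary (whose command-line options are not documented on this page); `runIsolated` and the three sample services are constructed for illustration, and the file-system is not isolated here.

```javascript
const { spawnSync } = require('child_process');

// Constructed sample services (stand-ins for untrusted code).
const ECHO_SERVICE = `
  let body = '';
  process.stdin.on('data', (c) => (body += c));
  process.stdin.on('end', () => {
    globalThis.hits = (globalThis.hits || 0) + 1; // state dies with the process
    process.stdout.write(JSON.stringify({
      echo: body, hits: globalThis.hits,
      sawSecret: 'PARENT_SECRET' in process.env }));
  });
`;
const SPIN_SERVICE = 'while (true) {}'; // never yields the CPU
const FLOOD_SERVICE = "process.stdout.write('x'.repeat(1 << 20));"; // 1 MiB

// Hypothetical helper: run one request in a fresh child process.
function runIsolated(serviceSource, requestBody, limits = {}) {
  const { timeoutMs = 2000, maxOutputBytes = 64 * 1024 } = limits;
  // Assumption: `node -e` stands in for the run-service binary.
  const res = spawnSync(process.execPath, ['-e', serviceSource], {
    input: requestBody,        // request arrives on the child's STDIN
    env: {},                   // parent secrets are not inherited
    timeout: timeoutMs,        // wall-clock limit per request
    killSignal: 'SIGKILL',     // a busy loop cannot ignore this
    maxBuffer: maxOutputBytes, // cap on what the parent will buffer
    encoding: 'utf8',
  });
  if (res.error) {
    const code = res.error.code;
    const reason = code === 'ETIMEDOUT' ? 'timeout'
      : code === 'ENOBUFS' ? 'output-limit' : 'spawn-error';
    return { ok: false, reason };
  }
  if (res.status !== 0) {
    const reason = res.signal ? 'signal-' + res.signal : 'exit-' + res.status;
    return { ok: false, reason };
  }
  return { ok: true, stdout: res.stdout };
}
```

The synchronous spawn keeps the example short; a server handling concurrent requests would use the asynchronous `spawn` with the same limits.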

To ensure isolation of the server file-system, you will want to use the run-service binary in a chroot jail, or other similar container solution.

To ensure isolation of the server memory and cpu, you will want to use the run-service binary in a virtualized environment capable of monitoring and managing resource usage per process.

Bottom Line: Do not expect this single module to magically isolate untrusted services. run-service is only a small piece of the solution.

Reporting Security Issues

If you find a way in which run-service is not adequately isolating services per process or trapping errors, please file a support issue on GitHub. You can also privately email [email protected]