uniscope
v3.0.0
Published
Allows one to evaluate a code within a controlled environment
Downloads
240
Readme
Uniscope
The goal of this module is to provide a uniform execution environment to a JavaScript code between browser and NodeJS.
For example, global functions and objects in NodeJS such as setImmediate
and global
are not easily available to the script. And on the other hand, browser-specific global properties such as requestAnimationFrame
and window
is not available as well.
Installation
Uniscope can be installed using NPM or directly from the git repository within your NodeJS projects. If installing from NPM, the following command installs the module and saves in your package.json
$ npm install uniscope --save
What this module does NOT do
Please read this carefully to avoid any ambiguity during adopting this module.
- This is not a module that converts NodeJS codes to browser or vice versa; that is the work of transformation tools such as browserify.
- This tool is not a security sandbox since it is easy to break out from this scope. This module simply provides uniformity to the scripts.
Usage
// sample inside NodeJS
let Scope = require('uniscope'), // use browserify or requireJS in browser!
myscope;
// create a new scope
myscope = new Scope({
eval: false, // specify whether eval is available inside sandbox
console: false, // specify whether native console is available
strict: false, // specify whether to run the script in strict mode
ignore: ['require'], // specify a list of global variables to ignore and pass-through to the script
block: ['process'] // specify a list of variables that should be blocked from being accessed
}, { // provide an object with globals to be made available to the scripts
myGlobalVarName: "sample"
});
// set a specific variable as global
myscope.set('logger', function (msg) {
console.log(msg);
});
// now run a script
myscope.exec('logger(myGlobalVarName)', function (err) {
err ? console.error(err.stack || err) : console.log('execution complete');
});
Running an asynchronous script
An asynchronous script will require an explicit call of a global function __exitscope
. Note that setTimeout
and setInterval
are not injected by default. You can easily do it yourself.
myscope.set('setTimeout', global.setTimeout); // inject setTimeout
// note the 2nd parameter is set to `{ async: true }`
myscope.exec('setTimeout(function () { __exitscope(null); }, 1000)', { async: true }, function (err) {
err ? console.error(err.stack || err) : console.log('execution complete');
});
List of allowed Globals
These are the list of globals available to scripts in the scope
Standard Built-ins:
[
"Array", "ArrayBuffer", "Atomics",
"BigInt", "Boolean", "DataView",
"Date", "Function", "Infinity",
"JSON", "Map", "Math",
"NaN", "Number", "Object",
"Promise", "Proxy", "Reflect",
"RegExp", "Set", "SharedArrayBuffer",
"String", "Symbol", "WeakMap",
"WeakSet", "decodeURI", "decodeURIComponent",
"encodeURI", "encodeURIComponent", "escape",
"isFinite", "isNaN", "parseFloat",
"parseInt", "undefined", "unescape"
]
Errors:
[
"Error", "EvalError", "RangeError",
"ReferenceError", "SyntaxError", "TypeError",
"URIError"
]
Typed Arrays:
[
"BigInt64Array", "BigUint64Array", "Float32Array",
"Float64Array", "Int16Array", "Int32Array",
"Int8Array", "Uint16Array", "Uint32Array",
"Uint8Array", "Uint8ClampedArray"
]
URL:
[
"URL", "URLSearchParams"
]
Encoding:
[
"atob", "btoa",
"TextDecoder", "TextDecoderStream",
"TextEncoder", "TextEncoderStream"
]
File:
[
"Blob"
]
Cryptography:
[
"Crypto", "CryptoKey",
"crypto", "SubtleCrypto"
]
Stream:
[
"ByteLengthQueuingStrategy", "CountQueuingStrategy",
"CompressionStream", "DecompressionStream",
"ReadableByteStreamController", "ReadableStream",
"ReadableStreamBYOBReader", "ReadableStreamBYOBRequest",
"ReadableStreamDefaultController", "ReadableStreamDefaultReader",
"TransformStream", "TransformStreamDefaultController",
"WritableStream", "WritableStreamDefaultController",
"WritableStreamDefaultWriter"
]