@cuxt/sandboxjs 0.1.0 → 0.1.3

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2019 nyariv
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2019 nyariv
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,186 +1,199 @@
-[![GitHub](https://img.shields.io/github/license/nyariv/SandboxJS)](https://github.com/nyariv/SandboxJS/blob/main/LICENSE) ![npm (scoped)](https://img.shields.io/npm/v/@nyariv/sandboxjs) ![Package size gzipped](https://img.shields.io/bundlephobia/minzip/@nyariv/sandboxjs) [![GitHub issues](https://img.shields.io/github/issues-raw/nyariv/SandboxJS)](https://github.com/nyariv/SandboxJS/issues) [![codecov](https://codecov.io/gh/nyariv/SandboxJS/branch/main/graph/badge.svg)](https://codecov.io/gh/nyariv/SandboxJS)
-
-# SandboxJS - Safe eval runtime
-
-This is a javascript sandboxing library. When embedding any kind of js code inside your app (either web or nodejs based) you are essentially giving access to the entire kingdom, hoping there is no malicious code in a dependency such as with supply chain attacks. For securing code, sandboxing is needed.
-
->  a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. - Wikipedia
-
-There are many vulnerable modules available on the global scope of a js environment, and unfortunately it is way to easy to get access to that if 3rd party code is allowed to be included. The main way is through the `eval` or `Function` globals because they execute code in the global context. Trying to block access to some global components through proxies or limiting scope variables is fruitless because of one main issue: _every function inherits the `Function` prototype, and can invoke `eval` by calling its constructor_, essentially making `eval` at most two properties away from anything in js.
-
-Example:
-```javascript
-[].filter.constructor("alert('jailbreak')")()
-```
-
-To make matters worse, it is extremely difficult to blacklist functions because code is easily obfuscated. For example, it is possible to execute anything using only `(`, `)`, `[`, `]`, `!`, and `+`. ([source](http://www.jsfuck.com/))
-
-```javascript
-[+!+[]]+[] // This evaluates to the number one, go a head type that in console
-```
-
-**SandboxJS** solves this problem by parsing js code and executing it though its own js runtime, while in the process checking every single prototype function that is being called. This allows whitelisting anything and everything, regardless of obfuscation.
-
-This means that you can potentially give different libraries different permissions, such as allowing `fetch()` for one library, or allowing access to the `Node` prototype for another, depending what the library requires and nothing more, and any objects that are gotten from the sandbox will remain sandboxed when used outside of it.
-
-Additionaly, `eval` and `Function` are sandboxed as well, and can be used recursively safely, which is why they are considered safe globals in SandboxJS.
-
-There is an `audit` method that will return all the accessed functions and prototypes during runtime if you need to know what permissions to give a certain library.
-
-Since parsing and executing are separated, execution with SandboxJS can be sometimes even faster than `eval`, allowing to prepare the execution code ahead of time.
-
-## Installation
-
-```
-npm install @nyariv/sandboxjs
-```
-
-## Usage
-
-The following is the bare minimum of code for using SandboxJS. This assumes safe whilelisted defaults.
-
-```javascript
-const code = `return myTest;`;
-const scope = { myTest: "hello world" };
-const sandbox = new Sandbox();
-const exec = sandbox.compile(code);
-const result = exec(scope).run(); // result: "hello world"
-```
-
-It is possible to defined multiple scopes in case you are reusing scopes with multiple layers.
-
-```javascript
-const sandbox = new Sandbox();
-
-const scopeA = {a: 1};
-const scopeB = {b: 2};
-const scopeC = {c: 3};
-
-const code = `a = 4; let d = 5; let b = 6`;
-const exec = sandbox.compile(code);
-exec(scopeA, scopeB, scopeC).run();
-
-console.log(scopeA); // {a: 4}
-console.log(scopeB); // {b: 2}
-console.log(scopeC); // {c: 3, d: 5, b: 6}
-```
-
-You can set your own whilelisted prototypes and global properties like so (`alert` and `Node` are added to whitelist in the following code):
-
-```javascript
-const prototypeWhitelist = Sandbox.SAFE_PROTOTYPES;
-prototypeWhitelist.set(Node, new Set());
-
-const globals = {...Sandbox.SAFE_GLOBALS, alert};
-
-const sandbox = new Sandbox({globals, prototypeWhitelist});
-```
-
-You can audit a piece of code, which will permit all globals and prototypes but will return a json with accessed globals and prototypes over time.
-
-```javascript
-const code = `console.log("test")`;
-console.log(Sandbox.audit(code));
-```
-
-## Safe Globals
-
-- `globalThis`
-- `Function`
-- `eval`
-- `setTimeout` - excluded by default
-- `setInterval` - excluded by default
-- `clearTimeout` - excluded by default
-- `clearInterval` - excluded by default
-- `console`
-- `isFinite`
-- `isNaN`
-- `parseFloat`
-- `parseInt`
-- `decodeURI`
-- `decodeURIComponent`
-- `encodeURI`
-- `encodeURIComponent`
-- `escape`
-- `unescape`
-- `Boolean`
-- `Number`
-- `BigInt`
-- `String`
-- `Object`
-- `Array`
-- `Symbol`
-- `Error`
-- `EvalError`
-- `RangeError`
-- `ReferenceError`
-- `SyntaxError`
-- `TypeError`
-- `URIError`
-- `Int8Array`
-- `Uint8Array`
-- `Uint8ClampedArray`
-- `Int16Array`
-- `Uint16Array`
-- `Int32Array`
-- `Uint32Array`
-- `Float32Array`
-- `Float64Array`
-- `Map`
-- `Set`
-- `WeakMap`
-- `WeakSet`
-- `Promise`
-- `Intl`
-- `JSON`
-- `Math`
-
-# Safe Prototypes
-
-- `SandboxGlobal`
-- `Function`
-- `Boolean`
-- `Object`
-- `Number`
-- `BigInt`
-- `String`
-- `Date`
-- `RegExp`
-- `Error`
-- `Array`
-- `Int8Array`
-- `Uint8Array`
-- `Uint8ClampedArray`
-- `Int16Array`
-- `Uint16Array`
-- `Int32Array`
-- `Uint32Array`
-- `Float32Array`
-- `Float64Array`
-- `Map`
-- `Set`
-- `WeakMap`
-- `WeakSet`
-- `Promise`
-
-## Goals
-
-|Feature|Status|
-|---|---|
-|Prototype access protection|done|
-|Globals access protection|done|
-|Prototype proxying|done|
-|Single line sandboxing|done|
-|Multi line sandboxing|done|
-|Functions support|done|
-|Audit prototype and globals access|done|
-|Code blocks (try/catch, ifs, and loops)|done|
-|Async/await|done|
-|Execution time protection|done|
-|Extensibility|done|
-|Full ECMAScript support|90%|
-|Script source and import sandboxing|Won't fix - handled by 3rd party|
-|DOM ownership and inherited permissions|See [scope-js](https://github.com/nyariv/scope-js)|
-|Tests|done|
-
+[![GitHub](https://img.shields.io/github/license/nyariv/SandboxJS)](https://github.com/nyariv/SandboxJS/blob/main/LICENSE) ![npm](https://img.shields.io/npm/v/@nyariv/sandboxjs) ![Bundle size](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/nyariv/dd4a46f4c2fff1c43d4f2e8fb4b52862/raw/bundle-size.json)
+ [![GitHub issues](https://img.shields.io/github/issues-raw/nyariv/SandboxJS)](https://github.com/nyariv/SandboxJS/issues) [![codecov](https://codecov.io/gh/nyariv/SandboxJS/branch/main/graph/badge.svg)](https://codecov.io/gh/nyariv/SandboxJS) [![passing tests](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/nyariv/dd4a46f4c2fff1c43d4f2e8fb4b52862/raw/tests.json)](https://nyariv.github.io/SandboxJS/) [![Sandbox protected](https://img.shields.io/endpoint?url=https://gist.githubusercontent.com/nyariv/dd4a46f4c2fff1c43d4f2e8fb4b52862/raw/sandbox-protected.json)](https://github.com/nyariv/SandboxJS)
+---
+<table><tr><td width="100">
+
+![sanboxjs logo](./logo.svg)
+
+</td><td width="400">
+<h1>SandboxJS</h1>
+<i>Safe eval runtime</i>
+</td></tr></table>
+
+---
+
+
+
+
+This is a javascript sandboxing library. When embedding any kind of js code inside your app (either web or nodejs based) you are essentially giving access to the entire kingdom, hoping there is no malicious code in a dependency such as with supply chain attacks. For securing code, sandboxing is needed.
+
+>  a "sandbox" is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. - Wikipedia
+
+There are many vulnerable modules available on the global scope of a js environment, and unfortunately it is way to easy to get access to that if 3rd party code is allowed to be included. The main way is through the `eval` or `Function` globals because they execute code in the global context. Trying to block access to some global components through proxies or limiting scope variables is fruitless because of one main issue: _every function inherits the `Function` prototype, and can invoke `eval` by calling its constructor_, essentially making `eval` at most two properties away from anything in js.
+
+Example:
+```javascript
+[].filter.constructor("alert('jailbreak')")()
+```
+
+To make matters worse, it is extremely difficult to blacklist functions because code is easily obfuscated. For example, it is possible to execute anything using only `(`, `)`, `[`, `]`, `!`, and `+`. ([source](http://www.jsfuck.com/))
+
+```javascript
+[+!+[]]+[] // This evaluates to the number one, go a head type that in console
+```
+
+**SandboxJS** solves this problem by parsing js code and executing it though its own js runtime, while in the process checking every single prototype function that is being called. This allows whitelisting anything and everything, regardless of obfuscation.
+
+This means that you can potentially give different libraries different permissions, such as allowing `fetch()` for one library, or allowing access to the `Node` prototype for another, depending what the library requires and nothing more, and any objects that are gotten from the sandbox will remain sandboxed when used outside of it.
+
+Additionaly, `eval` and `Function` are sandboxed as well, and can be used recursively safely, which is why they are considered safe globals in SandboxJS.
+
+There is an `audit` method that will return all the accessed functions and prototypes during runtime if you need to know what permissions to give a certain library.
+
+Since parsing and executing are separated, execution with SandboxJS can be sometimes even faster than `eval`, allowing to prepare the execution code ahead of time.
+
+## Installation
+
+```
+npm install @nyariv/sandboxjs
+```
+
+## Usage
+
+The following is the bare minimum of code for using SandboxJS. This assumes safe whitelisted defaults.
+
+```javascript
+const code = `return myTest;`;
+const scope = { myTest: "hello world" };
+const sandbox = new Sandbox();
+const exec = sandbox.compile(code);
+const result = exec(scope).run(); // result: "hello world"
+```
+
+It is possible to defined multiple scopes in case you are reusing scopes with multiple layers.
+
+```javascript
+const sandbox = new Sandbox();
+
+const scopeA = {a: 1};
+const scopeB = {b: 2};
+const scopeC = {c: 3};
+
+const code = `a = 4; let d = 5; let b = 6`;
+const exec = sandbox.compile(code);
+exec(scopeA, scopeB, scopeC).run();
+
+console.log(scopeA); // {a: 4}
+console.log(scopeB); // {b: 2}
+console.log(scopeC); // {c: 3, d: 5, b: 6}
+```
+
+You can set your own whilelisted prototypes and global properties like so (`alert` and `Node` are added to whitelist in the following code):
+
+```javascript
+const prototypeWhitelist = Sandbox.SAFE_PROTOTYPES;
+prototypeWhitelist.set(Node, new Set());
+
+const globals = {...Sandbox.SAFE_GLOBALS, alert};
+
+const sandbox = new Sandbox({globals, prototypeWhitelist});
+```
+
+You can audit a piece of code, which will permit all globals and prototypes but will return a json with accessed globals and prototypes over time.
+
+```javascript
+const code = `console.log("test")`;
+console.log(Sandbox.audit(code));
+```
+
+## Safe Globals
+
+- `globalThis`
+- `Function`
+- `eval`
+- `setTimeout` - excluded by default
+- `setInterval` - excluded by default
+- `clearTimeout` - excluded by default
+- `clearInterval` - excluded by default
+- `console`
+- `isFinite`
+- `isNaN`
+- `parseFloat`
+- `parseInt`
+- `decodeURI`
+- `decodeURIComponent`
+- `encodeURI`
+- `encodeURIComponent`
+- `escape`
+- `unescape`
+- `Boolean`
+- `Number`
+- `BigInt`
+- `String`
+- `Object`
+- `Array`
+- `Symbol`
+- `Error`
+- `EvalError`
+- `RangeError`
+- `ReferenceError`
+- `SyntaxError`
+- `TypeError`
+- `URIError`
+- `Int8Array`
+- `Uint8Array`
+- `Uint8ClampedArray`
+- `Int16Array`
+- `Uint16Array`
+- `Int32Array`
+- `Uint32Array`
+- `Float32Array`
+- `Float64Array`
+- `Map`
+- `Set`
+- `WeakMap`
+- `WeakSet`
+- `Promise`
+- `Intl`
+- `JSON`
+- `Math`
+
+# Safe Prototypes
+
+- `SandboxGlobal`
+- `Function`
+- `Boolean`
+- `Object`
+- `Number`
+- `BigInt`
+- `String`
+- `Date`
+- `RegExp`
+- `Error`
+- `Array`
+- `Int8Array`
+- `Uint8Array`
+- `Uint8ClampedArray`
+- `Int16Array`
+- `Uint16Array`
+- `Int32Array`
+- `Uint32Array`
+- `Float32Array`
+- `Float64Array`
+- `Map`
+- `Set`
+- `WeakMap`
+- `WeakSet`
+- `Promise`
+
+## Goals
+
+|Feature|Status|
+|---|---|
+|Prototype access protection|done|
+|Globals access protection|done|
+|Prototype proxying|done|
+|Single line sandboxing|done|
+|Multi line sandboxing|done|
+|Functions support|done|
+|Audit prototype and globals access|done|
+|Code blocks (try/catch, ifs, and loops)|done|
+|Async/await|done|
+|Execution time protection|done|
+|Extensibility|done|
+|Full ECMAScript support|90%|
+|Script source and import sandboxing|Won't fix - handled by 3rd party|
+|DOM ownership and inherited permissions|See [scope-js](https://github.com/nyariv/scope-js)|
+|Tests|done|
+
 📋 **[ECMAScript Feature Implementation Status](TODO.md)** - See which JavaScript features are supported and tested (~90% of core ES5-ES2018 features)

package/{build → dist/cjs}/Sandbox.d.ts

@@ -1,11 +1,19 @@
-import { IExecContext, IOptionParams, IScope } from './utils.js';
-import { ExecReturn } from './executor.js';
-import SandboxExec from './SandboxExec.js';
-export { LocalScope, SandboxExecutionTreeError, SandboxCapabilityError, SandboxAccessError, SandboxError, } from './utils.js';
-export default class Sandbox extends SandboxExec {
+import { IExecContext, IOptionParams, IScope } from './utils';
+import { ExecReturn } from './executor';
+import { default as SandboxExec } from './SandboxExec';
+export { ParseError } from './parser';
+export { LocalScope, SandboxExecutionTreeError, SandboxCapabilityError, SandboxAccessError, SandboxExecutionQuotaExceededError, SandboxError, delaySynchronousResult, } from './utils';
+export type * from './utils';
+export type * from './parser';
+export type * from './executor';
+export type * from './eval';
+export declare class Sandbox extends SandboxExec {
     constructor(options?: IOptionParams);
     static audit<T>(code: string, scopes?: IScope[]): ExecReturn<T>;
-    static parse(code: string): import("./parser.js").IExecutionTree;
+    static parse(code: string): import('./parser').IExecutionTree;
+    get Function(): Function;
+    get AsyncFunction(): Function;
+    get eval(): Function;
     compile<T>(code: string, optimize?: boolean): (...scopes: IScope[]) => {
         context: IExecContext;
         run: () => T;
@@ -23,3 +31,4 @@ export default class Sandbox extends SandboxExec {
         run: () => Promise<T>;
     };
 }
+export default Sandbox;

package/dist/cjs/Sandbox.js

@@ -0,0 +1,126 @@
+Object.defineProperties(exports, {
+	__esModule: { value: true },
+	[Symbol.toStringTag]: { value: "Module" }
+});
+const require_errors = require("./utils/errors.js");
+const require_types = require("./utils/types.js");
+const require_Scope = require("./utils/Scope.js");
+const require_ExecContext = require("./utils/ExecContext.js");
+require("./utils/index.js");
+const require_parserUtils = require("./parser/parserUtils.js");
+require("./parser/index.js");
+const require_index$2 = require("./eval/index.js");
+const require_SandboxExec = require("./SandboxExec.js");
+//#region src/Sandbox.ts
+var Sandbox = class extends require_SandboxExec.SandboxExec {
+	constructor(options) {
+		super(options, require_index$2.createEvalContext());
+	}
+	static audit(code, scopes = []) {
+		const globals = {};
+		for (const i of Object.getOwnPropertyNames(globalThis)) globals[i] = globalThis[i];
+		const sandbox = new require_SandboxExec.SandboxExec({
+			globals,
+			audit: true
+		});
+		return sandbox.executeTree(require_ExecContext.createExecContext(sandbox, require_parserUtils.default(code, true, false, sandbox.context.options.maxParserRecursionDepth), require_index$2.createEvalContext()), scopes);
+	}
+	static parse(code) {
+		return require_parserUtils.default(code, true);
+	}
+	get Function() {
+		return require_ExecContext.createExecContext(this, {
+			tree: [],
+			constants: {
+				strings: [],
+				eager: true,
+				literals: [],
+				maxDepth: this.context.options.maxParserRecursionDepth,
+				regexes: []
+			}
+		}, this.evalContext).evals.get(Function);
+	}
+	get AsyncFunction() {
+		return require_ExecContext.createExecContext(this, {
+			tree: [],
+			constants: {
+				strings: [],
+				eager: true,
+				literals: [],
+				maxDepth: this.context.options.maxParserRecursionDepth,
+				regexes: []
+			}
+		}, this.evalContext).evals.get(require_types.AsyncFunction);
+	}
+	get eval() {
+		return require_ExecContext.createExecContext(this, {
+			tree: [],
+			constants: {
+				strings: [],
+				eager: true,
+				literals: [],
+				maxDepth: this.context.options.maxParserRecursionDepth,
+				regexes: []
+			}
+		}, this.evalContext).evals.get(eval);
+	}
+	compile(code, optimize = false) {
+		if (this.context.options.nonBlocking) throw new require_errors.SandboxCapabilityError("Non-blocking mode is enabled, use Sandbox.compileAsync() instead.");
+		const parsed = require_parserUtils.default(code, optimize, false, this.context.options.maxParserRecursionDepth);
+		const context = require_ExecContext.createExecContext(this, parsed, this.evalContext);
+		const exec = (...scopes) => {
+			require_Scope.sanitizeScopes(scopes, context);
+			return {
+				context,
+				run: () => this.executeTree(context, [...scopes]).result
+			};
+		};
+		return exec;
+	}
+	compileAsync(code, optimize = false) {
+		const parsed = require_parserUtils.default(code, optimize, false, this.context.options.maxParserRecursionDepth);
+		const context = require_ExecContext.createExecContext(this, parsed, this.evalContext);
+		const exec = (...scopes) => {
+			require_Scope.sanitizeScopes(scopes, context);
+			return {
+				context,
+				run: () => this.executeTreeAsync(context, [...scopes]).then((ret) => ret.result)
+			};
+		};
+		return exec;
+	}
+	compileExpression(code, optimize = false) {
+		const parsed = require_parserUtils.default(code, optimize, true, this.context.options.maxParserRecursionDepth);
+		const context = require_ExecContext.createExecContext(this, parsed, this.evalContext);
+		const exec = (...scopes) => {
+			require_Scope.sanitizeScopes(scopes, context);
+			return {
+				context,
+				run: () => this.executeTree(context, [...scopes]).result
+			};
+		};
+		return exec;
+	}
+	compileExpressionAsync(code, optimize = false) {
+		const parsed = require_parserUtils.default(code, optimize, true, this.context.options.maxParserRecursionDepth);
+		const context = require_ExecContext.createExecContext(this, parsed, this.evalContext);
+		const exec = (...scopes) => {
+			return {
+				context,
+				run: () => this.executeTreeAsync(context, [...scopes]).then((ret) => ret.result)
+			};
+		};
+		return exec;
+	}
+};
+//#endregion
+exports.LocalScope = require_Scope.LocalScope;
+exports.ParseError = require_parserUtils.ParseError;
+exports.Sandbox = Sandbox;
+exports.default = Sandbox;
+exports.SandboxAccessError = require_errors.SandboxAccessError;
+exports.SandboxCapabilityError = require_errors.SandboxCapabilityError;
+exports.SandboxError = require_errors.SandboxError;
+exports.SandboxExecutionQuotaExceededError = require_errors.SandboxExecutionQuotaExceededError;
+exports.SandboxExecutionTreeError = require_errors.SandboxExecutionTreeError;
+exports.delaySynchronousResult = require_Scope.delaySynchronousResult;

package/dist/{SandboxExec.d.ts → cjs/SandboxExec.d.ts}

@@ -1,8 +1,7 @@
-import { IEvalContext } from './eval.js';
-import { Change, ExecReturn } from './executor.js';
-import { IContext, IExecContext, IGlobals, IOptionParams, IScope, Scope, SubscriptionSubject, Ticks } from './utils.js';
-export { IOptions, IContext, IExecContext, LocalScope, SandboxExecutionTreeError, SandboxCapabilityError, SandboxAccessError, SandboxError, } from './utils.js';
-export default class SandboxExec {
+import { IEvalContext } from './eval';
+import { Change, ExecReturn } from './executor';
+import { IContext, IExecContext, IGlobals, IOptionParams, IScope, ISymbolWhitelist, SubscriptionSubject, HaltContext } from './utils';
+export declare class SandboxExec {
     evalContext?: IEvalContext | undefined;
     readonly context: IContext;
     readonly setSubscriptions: WeakMap<SubscriptionSubject, Map<string, Set<(modification: Change) => void>>>;
@@ -32,6 +31,7 @@ export default class SandboxExec {
     }>;
     constructor(options?: IOptionParams, evalContext?: IEvalContext | undefined);
     static get SAFE_GLOBALS(): IGlobals;
+    static get SAFE_SYMBOLS(): ISymbolWhitelist;
     static get SAFE_PROTOTYPES(): Map<any, Set<string>>;
     subscribeGet(callback: (obj: SubscriptionSubject, name: string) => void, context: IExecContext): {
         unsubscribe: () => void;
@@ -42,25 +42,16 @@ export default class SandboxExec {
     subscribeSetGlobal(obj: SubscriptionSubject, name: string, callback: (modification: Change) => void): {
         unsubscribe: () => void;
     };
-    subscribeHalt(cb: (args?: {
-        error: Error;
-        ticks: Ticks;
-        scope: Scope;
-        context: IExecContext;
-    }) => void): {
+    subscribeHalt(cb: (context: HaltContext) => void): {
         unsubscribe: () => void;
     };
     subscribeResume(cb: () => void): {
         unsubscribe: () => void;
     };
-    haltExecution(haltContext?: {
-        error: Error;
-        ticks: Ticks;
-        scope: Scope;
-        context: IExecContext;
-    }): void;
+    haltExecution(haltContext?: HaltContext): void;
     resumeExecution(): void;
     getContext(fn: (...args: any[]) => any): IExecContext | undefined;
     executeTree<T>(context: IExecContext, scopes?: IScope[]): ExecReturn<T>;
     executeTreeAsync<T>(context: IExecContext, scopes?: IScope[]): Promise<ExecReturn<T>>;
 }
+export default SandboxExec;