npm - isolated-function - Versions diffs - 0.0.3 → 0.0.4 - Mend

isolated-function 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "isolated-function",
   "description": "Runs untrusted code in a Node.js v8 sandbox.",
   "homepage": "https://github.com/Kikobeats/isolated-function",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "main": "src/index.js",
   "exports": {
     ".": "./src/index.js"
@@ -37,10 +37,8 @@
     "acorn-walk": "~8.3.3",
     "ensure-error": "~3.0.1",
     "esbuild": "~0.23.1",
-    "process-stats": "~3.7.10",
     "serialize-error": "8",
-    "tinyspawn": "~1.3.2",
-    "v8-sandbox": "~3.2.12"
+    "tinyspawn": "~1.3.2"
   },
   "devDependencies": {
     "@commitlint/cli": "latest",

package/src/compile.js CHANGED Viewed

@@ -46,31 +46,37 @@ const detectDependencies = code => {
   return Array.from(dependencies)
 }
-module.exports = async snippet => {
-  const tmp = await fs.mkdtemp(path.join(tmpdir(), 'compile-'))
-  await fs.mkdir(tmp, { recursive: true })
+const getTmp = async content => {
+  const cwd = await fs.mkdtemp(path.join(tmpdir(), 'compile-'))
+  await fs.mkdir(cwd, { recursive: true })
-  const template = generateTemplate(snippet)
+  const filepath = path.join(cwd, 'index.js')
+  await fs.writeFile(filepath, content)
-  const entryFile = path.join(tmp, 'index.js')
-  await fs.writeFile(entryFile, template)
+  const cleanup = () => fs.rm(cwd, { recursive: true, force: true })
+  return { filepath, cwd, content, cleanup }
+}
-  const dependencies = detectDependencies(template)
-  await $(packageManager.init, { cwd: tmp })
-  await $(`${packageManager.install} ${dependencies.join(' ')}`, { cwd: tmp })
+module.exports = async snippet => {
+  const tmp = await getTmp(generateTemplate(snippet))
+  const dependencies = detectDependencies(tmp.content)
+  await $(packageManager.init, { cwd: tmp.cwd })
+  await $(`${packageManager.install} ${dependencies.join(' ')}`, {
+    cwd: tmp.cwd
+  })
+  // return tmp
   const result = await esbuild.build({
-    entryPoints: [entryFile],
+    entryPoints: [tmp.filepath],
     bundle: true,
+    // minify: true,
     write: false,
     platform: 'node'
   })
-  const bundledCode = result.outputFiles[0].text
-  await fs.rm(tmp, { recursive: true })
-  return bundledCode
+  await tmp.cleanup()
+  return getTmp(result.outputFiles[0].text)
 }
 module.exports.detectDependencies = detectDependencies

package/src/index.js CHANGED Viewed

@@ -1,32 +1,38 @@
 'use strict'
-const { Sandbox } = require('v8-sandbox')
 const { deserializeError } = require('serialize-error')
+const $ = require('tinyspawn')
 const compile = require('./compile')
-module.exports = (snippet, { timeout = 10000, globals = {} } = {}) => {
-  if (typeof snippet !== 'function') {
-    throw new TypeError('Expected a function')
+class TimeoutError extends Error {
+  constructor (message) {
+    super(message)
+    this.name = 'TimeoutError'
   }
+}
-  const sandbox = new Sandbox({
-    httpEnabled: false,
-    timersEnabled: true,
-    debug: true
-  })
-  const compiling = compile(snippet)
-  const initializing = sandbox.initialize()
+module.exports = (snippet, { timeout = 0 } = {}) => {
+  if (typeof snippet !== 'function') throw new TypeError('Expected a function')
+  const compilePromise = compile(snippet)
-  return async (...args) => {
-    const [code] = await Promise.all([compiling, initializing])
-    const { error, value } = await sandbox.execute({
-      code,
-      timeout,
-      globals: { ...globals, arguments: args }
-    })
-    await sandbox.shutdown()
-    if (error) throw require('ensure-error')(deserializeError(error))
-    return value
+  const fn = async (...args) => {
+    try {
+      const { filepath } = await compilePromise
+      const { stdout } = await $(`node ${filepath} ${JSON.stringify(args)}`, {
+        timeout,
+        killSignal: 'SIGKILL'
+      })
+      const { isFulfilled, value } = JSON.parse(stdout)
+      if (isFulfilled) return value
+      throw deserializeError(value)
+    } catch (error) {
+      if (error.killed) throw new TimeoutError('Execution timed out')
+      throw error
+    }
   }
+  const cleanup = async () => (await compilePromise).cleanup
+  return [fn, cleanup]
 }

package/src/template/index.js CHANGED Viewed

@@ -2,37 +2,20 @@
 const SERIALIZE_ERROR = require('./serialize-error')
-const DISALLOW_INTERNALS = [
-  '_dispatch',
-  'base64ToBuffer',
-  'bufferToBase64',
-  'define',
-  'defineAsync',
-  'dispatch',
-  'httpRequest',
-  'info',
-  'setResult'
-]
 const generateTemplate = snippet => {
-  const value = (() => {
-    return `await (() => {
-      let ${DISALLOW_INTERNALS.join(',')};
-      globalThis = { clearTimeout, setTimeout }
-      globalThis.global = globalThis
-      return (${snippet.toString()})(...arguments)
-    })()`
+  const template = `
+  const args = JSON.parse(process.argv[2])
+  ;(async () => {
+    try {
+      const value = await (${snippet.toString()})(...args)
+      console.log(JSON.stringify({ isFulfilled: true, value }))
+    } catch (error) {
+     console.log(JSON.stringify({ isFulfilled: false, value: ${SERIALIZE_ERROR}(error) }))
+    }
   })()
-  const template = `;(async () => {
-  try {
-    setResult({
-      value: ${value}
-    })
-  } catch(error) {
-   setResult({ error: ${SERIALIZE_ERROR}(error) })
-  }
-})()`
+  `
   return template
 }