isolated-function 0.1.0 → 0.1.2

package/README.md

@@ -41,7 +41,7 @@ npm install isolated-function --save
 
 ## Quickstart
 
-**isolated-functions** is a modern solution for running arbitrary code using Node.js.
+**isolated-function** is a modern solution for running untrusted code in Node.js.
 
 ```js
 const isolatedFunction = require('isolated-function')
@@ -60,11 +60,9 @@ console.log({ value, profiling })
 await teardown()
 ```
 
-The hosted code runs in a separate process with limited permissions, returning the result and profiling the execution.
-
 ### Minimal privilege execution
 
-The hosted code will be executed with minimal privilege. If you exceed your limit, an error will occur.
+The hosted code runs in a separate process, with minimal privilege, using [Node.js permission model API](https://nodejs.org/api/permissions.html#permission-model).
 
 ```js
 const [fn, teardown] = isolatedFunction(() => {
@@ -76,7 +74,7 @@ await fn()
 // => PermissionError: Access to 'FileSystemWrite' has been restricted.
 ```
 
-Any of the following interaction will throw an error:
+If you exceed your limit, an error will occur. Any of the following interaction will throw an error:
 
 - Native modules
 - Child process
@@ -92,7 +90,7 @@ The hosted code is parsed for detecting `require`/`import` calls and install the
 ```js
 const [isEmoji, teardown] = isolatedFunction(emoji => {
   /* this dependency only exists inside the isolated function */
-  const isEmoji = require('is-standard-emoji')
+  const isEmoji = require('is-standard-emoji@1.0.0') // default is latest
   return isEmoji(emoji)
 })
 
@@ -101,11 +99,11 @@ await isEmoji('foo') // => false
 await teardown()
 ```
 
-The dependencies, along with the hosted code, are bundled into a single file that will be evaluated at runtime.
+The dependencies, along with the hosted code, are bundled by [esbuild](https://esbuild.github.io/) into a single file that will be evaluated at runtime.
 
 ### Execution profiling
 
-Any hosted code execution has a profiling associated:
+Any hosted code execution will be run in their own separate process:
 
 ```js
 /** make a function to consume ~128MB */
@@ -130,6 +128,8 @@ console.log(profiling)
 // }
 ```
 
+Each execution has a profiling, which helps understand what happened.
+
 ### Resource limits
 
 You can limit a **isolated-function** by memory:

package/package.json

@@ -2,7 +2,7 @@
   "name": "isolated-function",
   "description": "Runs untrusted code in a Node.js v8 sandbox.",
   "homepage": "https://github.com/Kikobeats/isolated-function",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "main": "src/index.js",
   "exports": {
     ".": "./src/index.js"
@@ -62,6 +62,18 @@
   "files": [
     "src"
   ],
+  "scripts": {
+    "clean": "rm -rf node_modules",
+    "contributors": "(npx git-authors-cli && npx finepack && git add package.json && git commit -m 'build: contributors' --no-verify) || true",
+    "coverage": "c8 report --reporter=text-lcov > coverage/lcov.info",
+    "lint": "standard",
+    "postrelease": "npm run release:tags && npm run release:github && (ci-publish || npm publish --access=public)",
+    "pretest": "npm run lint",
+    "release": "standard-version -a",
+    "release:github": "github-generate-release",
+    "release:tags": "git push --follow-tags origin HEAD:master",
+    "test": "c8 ava"
+  },
   "license": "MIT",
   "commitlint": {
     "extends": [
@@ -85,17 +97,5 @@
   "simple-git-hooks": {
     "commit-msg": "npx commitlint --edit",
     "pre-commit": "npx nano-staged"
-  },
-  "scripts": {
-    "clean": "rm -rf node_modules",
-    "contributors": "(npx git-authors-cli && npx finepack && git add package.json && git commit -m 'build: contributors' --no-verify) || true",
-    "coverage": "c8 report --reporter=text-lcov > coverage/lcov.info",
-    "lint": "standard",
-    "postrelease": "npm run release:tags && npm run release:github && (ci-publish || npm publish --access=public)",
-    "pretest": "npm run lint",
-    "release": "standard-version -a",
-    "release:github": "github-generate-release",
-    "release:tags": "git push --follow-tags origin HEAD:master",
-    "test": "c8 ava"
   }
-}
+}

package/src/compile.js

@@ -37,17 +37,74 @@ const detectDependencies = code => {
         node.arguments.length === 1 &&
         node.arguments[0].type === 'Literal'
       ) {
-        dependencies.add(node.arguments[0].value)
+        const dependency = node.arguments[0].value
+        // Check if the dependency string contains '@' symbol for versioning
+        if (dependency.includes('@')) {
+          // Split by '@' to separate module name and version
+          const parts = dependency.split('@')
+          // Handle edge case where module name might also contain '@' (scoped packages)
+          const moduleName = parts.length > 2 ? `${parts[0]}@${parts[1]}` : parts[0]
+          const version = parts[parts.length - 1]
+          dependencies.add(`${moduleName}@${version}`)
+        } else {
+          dependencies.add(`${dependency}@latest`)
+        }
       }
     },
     ImportDeclaration (node) {
-      dependencies.add(node.source.value)
+      const source = node.source.value
+      if (source.includes('@')) {
+        const parts = source.split('@')
+        const moduleName = parts.length > 2 ? `${parts[0]}@${parts[1]}` : parts[0]
+        const version = parts[parts.length - 1]
+        dependencies.add(`${moduleName}@${version}`)
+      } else {
+        dependencies.add(`${source}@latest`)
+      }
     }
   })
 
   return Array.from(dependencies)
 }
 
+const transformDependencies = code => {
+  const ast = acorn.parse(code, { ecmaVersion: 2020, sourceType: 'module' })
+
+  let newCode = ''
+  let lastIndex = 0
+
+  // Helper function to process and transform nodes
+  const processNode = node => {
+    if (node.type === 'Literal' && node.value.includes('@')) {
+      // Extract module name without version
+      const [moduleName] = node.value.split('@')
+      // Append code before this node
+      newCode += code.substring(lastIndex, node.start)
+      // Append transformed dependency
+      newCode += `'${moduleName}'`
+      // Update lastIndex to end of current node
+      lastIndex = node.end
+    }
+  }
+
+  // Traverse the AST to find require and import declarations
+  walk.simple(ast, {
+    CallExpression (node) {
+      if (node.callee.name === 'require' && node.arguments.length === 1) {
+        processNode(node.arguments[0])
+      }
+    },
+    ImportDeclaration (node) {
+      processNode(node.source)
+    }
+  })
+
+  // Append remaining code after last modified dependency
+  newCode += code.substring(lastIndex)
+
+  return newCode
+}
+
 const getTmp = async content => {
   const cwd = await fs.mkdtemp(path.join(tmpdir(), 'compile-'))
   await fs.mkdir(cwd, { recursive: true })
@@ -60,8 +117,10 @@ const getTmp = async content => {
 }
 
 module.exports = async snippet => {
-  const tmp = await getTmp(generateTemplate(snippet))
-  const dependencies = detectDependencies(tmp.content)
+  const compiledTemplate = generateTemplate(snippet)
+  const dependencies = detectDependencies(compiledTemplate)
+  const tmp = await getTmp(transformDependencies(compiledTemplate))
+
   await $(packageManager.init, { cwd: tmp.cwd })
   await $(`${packageManager.install} ${dependencies.join(' ')}`, {
     cwd: tmp.cwd