runframe 1.0.0

package/dist/worker-pool.js

@@ -0,0 +1,144 @@
+/**
+ * Worker thread pool for reusing workers
+ * Dramatically reduces memory and spawn overhead
+ */
+import { Worker } from "node:worker_threads";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+export class WorkerPool {
+    constructor(config) {
+        this.workers = [];
+        this.waitQueue = [];
+        this.config = config;
+        // Pre-spawn minimum workers
+        for (let i = 0; i < config.minWorkers; i++) {
+            this.workers.push(this.createPooledWorker());
+        }
+    }
+    createPooledWorker() {
+        const worker = new Worker(path.resolve(__dirname, "worker.js"), {
+            execArgv: [`--max-old-space-size=${this.config.memoryMb}`]
+        });
+        return {
+            worker,
+            busy: false,
+            lastUsed: Date.now()
+        };
+    }
+    /**
+     * Get an available worker from the pool
+     */
+    async acquire() {
+        // Find idle worker
+        const idle = this.workers.find((w) => !w.busy);
+        if (idle) {
+            idle.busy = true;
+            idle.lastUsed = Date.now();
+            return idle.worker;
+        }
+        // Create new if under max
+        if (this.workers.length < this.config.maxWorkers) {
+            const pooled = this.createPooledWorker();
+            pooled.busy = true;
+            pooled.lastUsed = Date.now();
+            this.workers.push(pooled);
+            return pooled.worker;
+        }
+        // Wait for one to free up
+        return new Promise((resolve, reject) => {
+            this.waitQueue.push({ resolve, reject });
+            // Timeout after 30s
+            setTimeout(() => {
+                reject(new Error("Worker pool timeout: no available workers"));
+            }, 30000);
+        });
+    }
+    /**
+     * Release worker back to pool
+     */
+    release(worker) {
+        const pooled = this.workers.find((w) => w.worker === worker);
+        if (!pooled)
+            return;
+        pooled.busy = false;
+        pooled.lastUsed = Date.now();
+        // Check if anyone is waiting
+        const waiter = this.waitQueue.shift();
+        if (waiter) {
+            pooled.busy = true;
+            pooled.lastUsed = Date.now();
+            waiter.resolve(worker);
+        }
+    }
+    /**
+     * Clean up idle workers
+     */
+    cleanup() {
+        const now = Date.now();
+        let idx = this.workers.length - 1;
+        while (idx >= 0) {
+            const pooled = this.workers[idx];
+            // Keep minimum workers
+            if (this.workers.length <= this.config.minWorkers) {
+                break;
+            }
+            // Kill if idle and not busy
+            if (!pooled.busy && now - pooled.lastUsed > this.config.idleTimeout) {
+                pooled.worker.terminate();
+                this.workers.splice(idx, 1);
+            }
+            idx--;
+        }
+    }
+    /**
+     * Terminate all workers
+     */
+    async destroy() {
+        for (const pooled of this.workers) {
+            await pooled.worker.terminate();
+        }
+        this.workers = [];
+        this.waitQueue = [];
+    }
+    /**
+     * Get pool stats
+     */
+    stats() {
+        return {
+            totalWorkers: this.workers.length,
+            busyWorkers: this.workers.filter((w) => w.busy).length,
+            idleWorkers: this.workers.filter((w) => !w.busy).length,
+            waitingRequests: this.waitQueue.length
+        };
+    }
+}
+/**
+ * Default pool configuration
+ */
+export const DEFAULT_POOL_CONFIG = {
+    minWorkers: 2, // Keep 2 warm
+    maxWorkers: 8, // Max 8 total
+    idleTimeout: 60000, // Kill after 1 min idle
+    memoryMb: 128
+};
+/**
+ * High-concurrency configuration
+ */
+export const HIGH_CONCURRENCY_CONFIG = {
+    minWorkers: 4,
+    maxWorkers: 16,
+    idleTimeout: 30000,
+    memoryMb: 64
+};
+/**
+ * Low-resource configuration
+ */
+export const LOW_RESOURCE_CONFIG = {
+    minWorkers: 1,
+    maxWorkers: 2,
+    idleTimeout: 10000,
+    memoryMb: 32
+};
+//# sourceMappingURL=worker-pool.js.map

package/dist/worker-pool.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker-pool.js","sourceRoot":"","sources":["../src/worker-pool.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAC7C,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;AAe3C,MAAM,OAAO,UAAU;IAQrB,YAAY,MAAkB;QAPtB,YAAO,GAAmB,EAAE,CAAC;QAC7B,cAAS,GAGZ,EAAE,CAAC;QAIN,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,4BAA4B;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3C,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,kBAAkB,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC;IAEO,kBAAkB;QACxB,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE;YAC9D,QAAQ,EAAE,CAAC,wBAAwB,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;SAC3D,CAAC,CAAC;QAEH,OAAO;YACL,MAAM;YACN,IAAI,EAAE,KAAK;YACX,QAAQ,EAAE,IAAI,CAAC,GAAG,EAAE;SACrB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,mBAAmB;QACnB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QAC/C,IAAI,IAAI,EAAE,CAAC;YACT,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;YACjB,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC3B,OAAO,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC;QAED,0BAA0B;QAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;YACjD,MAAM,MAAM,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YACzC,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;YACnB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAC1B,OAAO,MAAM,CAAC,MAAM,CAAC;QACvB,CAAC;QAED,0BAA0B;QAC1B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC,CAAC;YACzC,oBAAoB;YACpB,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACjE,CAAC,EAAE,KAAK,CAAC,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,OAAO,CAAC,MAAc;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC;QAC7D,IAAI,CAAC,MAAM;YAAE,OAAO;QAEpB,MAAM,CAAC,IAAI,GAAG,KAAK,CAAC;QACpB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE7B,6BAA6B;QAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;QACtC,IAAI,MAAM,EAAE,CAAC;YACX,MAAM,CAAC,IAAI,GAAG,IAAI,CAAC;YACnB,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACzB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC;QAElC,OAAO,GAAG,IAAI,CAAC,EAAE,CAAC;YAChB,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YAEjC,uBAAuB;YACvB,IAAI,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;gBAClD,MAAM;YACR,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,GAAG,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACpE,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;gBAC1B,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YAC9B,CAAC;YAED,GAAG,EAAE,CAAC;QACR,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,OAAO;QACX,KAAK,MAAM,MAAM,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAClC,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAClC,CAAC;QACD,IAAI,CAAC,OAAO,GAAG,EAAE,CAAC;QAClB,IAAI,CAAC,SAAS,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,OAAO;YACL,YAAY,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;YACjC,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM;YACtD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM;YACvD,eAAe,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;SACvC,CAAC;IACJ,CAAC;CACF;AASD;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAe;IAC7C,UAAU,EAAE,CAAC,EAAW,cAAc;IACtC,UAAU,EAAE,CAAC,EAAW,cAAc;IACtC,WAAW,EAAE,KAAK,EAAM,wBAAwB;IAChD,QAAQ,EAAE,GAAG;CACd,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAAe;IACjD,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,EAAE;IACd,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,EAAE;CACb,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,mBAAmB,GAAe;IAC7C,UAAU,EAAE,CAAC;IACb,UAAU,EAAE,CAAC;IACb,WAAW,EAAE,KAAK;IAClB,QAAQ,EAAE,EAAE;CACb,CAAC"}

package/dist/worker.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=worker.d.ts.map

package/dist/worker.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker.d.ts","sourceRoot":"","sources":["../src/worker.ts"],"names":[],"mappings":""}

package/dist/worker.js

@@ -0,0 +1,39 @@
+import { parentPort, workerData } from "node:worker_threads";
+import { runInSandbox } from "./vm-runtime.js";
+(async () => {
+    try {
+        const { code, options, capabilities, seed } = workerData;
+        const { result, stats } = await runInSandbox(code, {
+            capabilities,
+            seed
+        });
+        stats.updateMemory();
+        const finalStats = stats.finish();
+        parentPort?.postMessage({
+            type: "result",
+            result,
+            stats: finalStats
+        });
+    }
+    catch (err) {
+        parentPort?.postMessage({
+            type: "error",
+            error: sanitizeError(err)
+        });
+    }
+})();
+/**
+ * Sanitize errors before returning to parent thread
+ * Prevents leaking internal implementation details
+ */
+function sanitizeError(err) {
+    if (err instanceof Error) {
+        // Only expose error message, not stack
+        return err.message;
+    }
+    if (typeof err === "string") {
+        return err;
+    }
+    return "Unknown error in sandbox";
+}
+//# sourceMappingURL=worker.js.map

package/dist/worker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"worker.js","sourceRoot":"","sources":["../src/worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAY/C,CAAC,KAAK,IAAI,EAAE;IACV,IAAI,CAAC;QACH,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,UAAwB,CAAC;QAEvE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE;YACjD,YAAY;YACZ,IAAI;SACL,CAAC,CAAC;QAEH,KAAK,CAAC,YAAY,EAAE,CAAC;QACrB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC;QAElC,UAAU,EAAE,WAAW,CAAC;YACtB,IAAI,EAAE,QAAQ;YACd,MAAM;YACN,KAAK,EAAE,UAAU;SAClB,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,UAAU,EAAE,WAAW,CAAC;YACtB,IAAI,EAAE,OAAO;YACb,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC;SAC1B,CAAC,CAAC;IACL,CAAC;AACH,CAAC,CAAC,EAAE,CAAC;AAEL;;;GAGG;AACH,SAAS,aAAa,CAAC,GAAY;IACjC,IAAI,GAAG,YAAY,KAAK,EAAE,CAAC;QACzB,uCAAuC;QACvC,OAAO,GAAG,CAAC,OAAO,CAAC;IACrB,CAAC;IACD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,GAAG,CAAC;IACb,CAAC;IACD,OAAO,0BAA0B,CAAC;AACpC,CAAC"}

package/package.json

@@ -0,0 +1,67 @@
+{
+  "name": "runframe",
+  "version": "1.0.0",
+  "description": "High-performance, security-hardened JavaScript sandbox for executing untrusted code with worker pooling, script caching, and resource limits",
+  "type": "module",
+  "main": "dist/sandbox.js",
+  "types": "dist/sandbox.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/sandbox.d.ts",
+      "import": "./dist/sandbox.js"
+    },
+    "./optimized": {
+      "types": "./dist/optimized-sandbox.d.ts",
+      "import": "./dist/optimized-sandbox.js"
+    },
+    "./pool": {
+      "types": "./dist/worker-pool.d.ts",
+      "import": "./dist/worker-pool.js"
+    },
+    "./cache": {
+      "types": "./dist/script-cache.d.ts",
+      "import": "./dist/script-cache.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "prepublishOnly": "npm run build",
+    "test": "node --loader tsx ./test.ts"
+  },
+  "keywords": [
+    "sandbox",
+    "vm",
+    "worker",
+    "untrusted",
+    "code-execution",
+    "security",
+    "isolation",
+    "pool",
+    "cache",
+    "performance"
+  ],
+  "author": "Soojyon",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/soojyon/nodebox"
+  },
+  "bugs": {
+    "url": "https://github.com/soojyon/nodebox/issues"
+  },
+  "homepage": "https://github.com/soojyon/nodebox#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.27",
+    "tsx": "^4.7.0",
+    "typescript": "^5.3.3"
+  }
+}