npm - sandbox - Versions diffs - 0.8.5 → 1.0.0-beta.1 - Mend

sandbox 0.8.5 → 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/bin/sandbox.mjs ADDED Viewed

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+import "@vercel/sandbox-cli/dist/sandbox.mjs";

package/dist/cli.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * This module is re-exported from `@vercel/sandbox-cli`.
+ *
+ * It provides a programmatic interface to embed the Vercel Sandbox CLI
+ * in a different CLI or application.
+ *
+ * @module sandbox/cli
+ * @packageDocumentation
+ * @private
+ */
+export * from "@vercel/sandbox-cli";

package/dist/cli.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+/**
+ * This module is re-exported from `@vercel/sandbox-cli`.
+ *
+ * It provides a programmatic interface to embed the Vercel Sandbox CLI
+ * in a different CLI or application.
+ *
+ * @module sandbox/cli
+ * @packageDocumentation
+ * @private
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("@vercel/sandbox-cli"), exports);

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * A programmatic interface to interact with Vercel Sandboxes.
+ *
+ * Using this package you can create, destroy, and run commands on Vercel Sandboxes.
+ *
+ * @see https://vercel.com/docs/vercel-sandbox
+ *
+ * @example Create a sandbox and run a command on the remote machine
+ * ```typescript
+ * import { Sandbox } from 'sandbox'
+ *
+ * const sandbox = await Sandbox.create();
+ * await sandbox.runCommand({
+ *   cmd: 'echo',
+ *   args: ['Hello, World!'],
+ *   stdout: process.stdout,
+ *   stderr: process.stderr,
+ * });
+ * ```
+ *
+ * @example Grab an existing sandbox by its ID:
+ * ```typescript
+ * import { Sandbox } from 'sandbox'
+ *
+ * const sandbox = await Sandbox.get({ sandboxId: "sbx_..." });
+ * ```
+ *
+ * @packageDocumentation
+ */
+export * from "@vercel/sandbox";

package/dist/index.js ADDED Viewed

@@ -0,0 +1,46 @@
+"use strict";
+/**
+ * A programmatic interface to interact with Vercel Sandboxes.
+ *
+ * Using this package you can create, destroy, and run commands on Vercel Sandboxes.
+ *
+ * @see https://vercel.com/docs/vercel-sandbox
+ *
+ * @example Create a sandbox and run a command on the remote machine
+ * ```typescript
+ * import { Sandbox } from 'sandbox'
+ *
+ * const sandbox = await Sandbox.create();
+ * await sandbox.runCommand({
+ *   cmd: 'echo',
+ *   args: ['Hello, World!'],
+ *   stdout: process.stdout,
+ *   stderr: process.stderr,
+ * });
+ * ```
+ *
+ * @example Grab an existing sandbox by its ID:
+ * ```typescript
+ * import { Sandbox } from 'sandbox'
+ *
+ * const sandbox = await Sandbox.get({ sandboxId: "sbx_..." });
+ * ```
+ *
+ * @packageDocumentation
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("@vercel/sandbox"), exports);

package/package.json CHANGED Viewed

@@ -1,34 +1,39 @@
 {
   "name": "sandbox",
-  "description": "A nifty javascript sandbox for node.js",
-  "homepage": "http://gf3.github.com/sandbox/",
-  "author": "Gianni Chiappetta <gianni@runlevel6.org> (http://gf3.ca)",
-  "bugs": "https://github.com/gf3/sandbox/issues",
-  "contributors": [
-    "Bradley Meck <bradley.meck@gmail.com>",
-    "Dominic Tarr (http://cyber-hobo.blogspot.com)"
-  ],
-  "version": "0.8.5",
-  "main": "./lib/sandbox",
-  "directories": {
-    "lib": "./lib"
+  "version": "1.0.0-beta.1",
+  "description": "",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "bin": {
+    "sandbox": "./bin/sandbox.mjs"
   },
-  "engines": [
-    "node >=0.5.0"
-  ],
-  "devDependencies": {
-    "mocha": "1.3.0",
-    "should": "0.6.3"
+  "exports": {
+    ".": {
+      "default": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./cli": {
+      "default": "./dist/cli.js",
+      "types": "./dist/cli.d.ts"
+    }
   },
-  "repository": {
-    "type": "git",
-    "url": "https://gf3@github.com/gf3/sandbox.git"
+  "files": [
+    "README.md",
+    "dist",
+    "bin"
+  ],
+  "private": false,
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "@vercel/sandbox": "1.0.0-beta.0",
+    "@vercel/sandbox-cli": "1.0.0-beta.0"
   },
   "scripts": {
-    "test": "mocha"
-  },
-  "license": {
-    "type": "Public Domain",
-    "url": "http://github.com/gf3/sandbox/raw/master/UNLICENSE"
+    "clean": "rm -rf node_modules dist",
+    "build": "tsc",
+    "typedoc": "turbo run build && typedoc",
+    "typecheck": "tsc --noEmit"
   }
-}
+}

package/.npmignore DELETED Viewed

	@@ -1,2 +0,0 @@
1	- *.swp
2	- node_modules

package/README.md DELETED Viewed

@@ -1,85 +0,0 @@
-# Node Sandbox
-A nifty javascript sandbox for node.js.
-## Some features
-- Can be used to execute untrusted code.
-- Support for timeouts (e.g. prevent infinite loops)
-- Handles errors gracefully
-- Restricted code (cannot access node.js methods)
-- Supports `console.log` and `print` utility methods
-## Example
-Be sure to check out [example/example.js](https://github.com/gf3/sandbox/blob/master/example/example.js)
-```javascript
-var s = new Sandbox()
-s.run( '1 + 1 + " apples"', function( output ) {
-  // output.result == "2 apples"
-})
-```
-## Documentation
-Basic syntax: `sandbox_instance.run( code, hollaback )`
-`code` is the string of Javascript to be executed.
-`hollaback` is a function, and it's called with a single argument, `output`.
-`output` is an object with two properties: `result` and `console`. The `result`
-property is an inspected string of the return value of the code. The `console`
-property is an array of all console output.
-For example, given the following code:
-```javascript
-function add( a, b ){
-  console.log( a )
-  console.log( b )
-  return a + b
-}
-add( 20, 22 )
-```
-The resulting output object is:
-```javascript
-{ result: "42"
-, console: [ "20", "22" ]
-}
-```
-## Installation & Running
-Let's get it! The easiest way is through npm:
-    npm install sandbox
-Or if you'd like to play with the code, see the examples, run the tests,
-what-the-fuck-ever...
-    git clone git://github.com/gf3/sandbox.git
-And run some examples:
-    node example/example.js
-## Tests
-To run the tests simply run the test file with node.
-    node test/sandbox_test.js
-## License
-Sandbox is [UNLICENSED](http://unlicense.org/).
-## Author
-- Written by [Gianni Chiappetta](http://github.com/gf3) &ndash; [gf3.ca](http://gf3.ca)
-- Contributions by [Bradley Meck](https://github.com/bmeck)
-- Contributions by [Dominic Tarr](http://github.com/dominictarr) &ndash; [cyber-hobo.blogspot.com](http://cyber-hobo.blogspot.com/)

package/UNLICENSE DELETED Viewed

@@ -1,25 +0,0 @@
-This is free and unencumbered software released into the public domain.
-Anyone is free to copy, modify, publish, use, compile, sell, or
-distribute this software, either in source code form or as a compiled
-binary, for any purpose, commercial or non-commercial, and by any
-means.
-In jurisdictions that recognize copyright laws, the author or authors
-of this software dedicate any and all copyright interest in the
-software to the public domain. We make this dedication for the benefit
-of the public at large and to the detriment of our heirs and
-successors. We intend this dedication to be an overt act of
-relinquishment in perpetuity of all present and future rights to this
-software under copyright law.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-OTHER DEALINGS IN THE SOFTWARE.
-For more information, please refer to <http://unlicense.org/>

package/example/example.js DELETED Viewed

@@ -1,53 +0,0 @@
-var Sandbox = require("../lib/sandbox")
-  , s = new Sandbox()
-// Example 1 - Standard JS
-s.run( "1 + 1", function( output ) {
-  console.log( "Example 1: " + output.result + "\n" )
-})
-// Example 2 - Something slightly more complex
-s.run( "(function(name) { return 'Hi there, ' + name + '!'; })('Fabio')", function( output ) {
-  console.log( "Example 2: " + output.result + "\n" )
-})
-// Example 3 - Syntax error
-s.run( "lol)hai", function( output ) {
-  console.log( "Example 3: " + output.result + "\n" )
-});
-// Example 4 - Restricted code
-s.run( "process.platform", function( output ) {
-  console.log( "Example 4: " + output.result + "\n" )
-})
-// Example 5 - Infinite loop
-s.run( "while (true) {}", function( output ) {
-  console.log( "Example 5: " + output.result + "\n" )
-})
-// Example 6 - Caller Attack Failure
-s.run( "(function foo() {return foo.caller.caller;})()", function( output ) {
-  console.log( "Example 6: " + output.result + "\n" )
-})
-// Example 7 - Argument Attack Failure
-s.run( "(function foo() {return [].slice.call(foo.caller.arguments);})()", function( output ) {
-  console.log( "Example 7: " + output.result + "\n" )
-})
-// Example 8 - Type Coersion Attack Failure
-s.run( "(function foo() {return {toJSON:function x(){return x.caller.caller.name}}})()", function( output ) {
-  console.log( "Example 8: " + output.result + "\n" )
-})
-// Example 9 - Global Attack Failure
-s.run( "x=1;(function() {return this})().console.log.constructor('return this')()", function( output ) {
-  console.log( "Example 9: " + output.result + "\n" )
-})
-// Example 10 - Console Log
-s.run( "var x = 5; console.log(x * x); x", function( output ) {
-  console.log( "Example 10: " + output.console + "\n" )
-})

package/lib/sandbox.js DELETED Viewed

@@ -1,82 +0,0 @@
-//-----------------------------------------------------------------------------
-// Init
-//-----------------------------------------------------------------------------
-var fs    = require('fs');
-var path  = require('path');
-var spawn = require('child_process').spawn;
-//-----------------------------------------------------------------------------
-// Constructor
-//-----------------------------------------------------------------------------
-function Sandbox(options) {
-  (this.options = options || {}).__proto__ = Sandbox.options;
-}
-//-----------------------------------------------------------------------------
-// Instance Methods
-//-----------------------------------------------------------------------------
-Sandbox.prototype.run = function(code, hollaback) {
-  var timer;
-  var stdout = '';
-  var child  = spawn(this.options.node, [this.options.shovel]);
-  var output = function(data) {
-    if (!!data)
-      stdout += data;
-  };
-  if (typeof hollaback == 'undefined')
-    hollaback = console.log;
-  else
-    hollaback = hollaback.bind(this);
-  // Listen
-  child.stdout.on('data', output);
-  child.on('exit', function(code) {
-    clearTimeout(timer);
-    setImmediate(function(){
-      if (!code && !stdout)
-        hollaback({ result: 'Error', console: [] });
-      else
-        hollaback(JSON.parse(stdout));
-    });
-  });
-  // Go
-  child.stdin.write(code);
-  child.stdin.end();
-  timer = setTimeout(function() {
-    child.stdout.removeListener('output', output);
-    stdout = JSON.stringify({ result: 'TimeoutError', console: [] });
-    child.kill('SIGKILL');
-  }, this.options.timeout);
-};
-//-----------------------------------------------------------------------------
-// Class Properties
-//-----------------------------------------------------------------------------
-Sandbox.options = {
-  timeout: 500,
-  node:    'node',
-  shovel:  path.join(__dirname, 'shovel.js')
-};
-fs.readFile(path.join(__dirname, '..', 'package.json'), function(err, data) {
-  if (err)
-    throw err;
-  else
-    Sandbox.info = JSON.parse(data);
-});
-//-----------------------------------------------------------------------------
-// Export
-//-----------------------------------------------------------------------------
-module.exports = Sandbox;

package/lib/shovel.js DELETED Viewed

@@ -1,88 +0,0 @@
-//-----------------------------------------------------------------------------
-// Init
-//-----------------------------------------------------------------------------
-var util = require('util')
-var code;
-var result;
-var console;
-var sandbox;
-var Script;
-var stdin;
-if (!(Script = process.binding( 'evals').NodeScript))
-  if (!(Script = process.binding('evals').Script))
-    Script = require('vm');
-//-----------------------------------------------------------------------------
-// Sandbox
-//-----------------------------------------------------------------------------
-// Get code
-console = [];
-code    = '';
-stdin   = process.openStdin();
-stdin.on('data', function(data) {
-  code += data;
-});
-stdin.on('end', run);
-function getSafeRunner() {
-  var global = this;
-  // Keep it outside of strict mode
-  function UserScript(str) {
-    // We want a global scoped function that has implicit returns.
-    return Function('return eval('+JSON.stringify(str+'')+')');
-  }
-  // place with a closure that is not exposed thanks to strict mode
-  return function run(comm, src) {
-    // stop argument / caller attacks
-    "use strict";
-    var send = function send(event) {
-      "use strict";
-      //
-      // All comm must be serialized properly to avoid attacks, JSON or XJSON
-      //
-      comm.send(event, JSON.stringify([].slice.call(arguments,1)));
-    }
-    global.print = send.bind(global, 'stdout');
-    global.console = {};
-    global.process = { stdout: { write: send.bind(global, 'stdout') } };
-    var result = UserScript(src)();
-    send('end', result);
-  }
-}
-// Run code
-function run() {
-  var context = Script.createContext();
-  var safeRunner = Script.runInContext('('+getSafeRunner.toString()+')()', context);
-  var result;
-  try {
-    safeRunner({
-      send: function (event, value) {
-        "use strict";
-        switch (event) {
-          case 'stdout':
-            console.push(JSON.parse(value)[0]);
-            break;
-          case 'end':
-            result = JSON.parse(value)[0];
-            break;
-        }
-      }
-    }, code);
-  }
-  catch (e) {
-    result = e.name + ': ' + e.message;
-    // throw e;
-  }
-  process.stdout.on('drain', function() {
-    process.exit(0);
-  });
-  process.stdout.write(JSON.stringify({ result: util.inspect(result), console: console }));
-}

package/test/sandbox.js DELETED Viewed

@@ -1,68 +0,0 @@
-//-----------------------------------------------------------------------------
-// Init
-//-----------------------------------------------------------------------------
-var should  = require('should');
-var Sandbox = require('../lib/sandbox');
-var sb      = new Sandbox();
-//-----------------------------------------------------------------------------
-// Tests
-//-----------------------------------------------------------------------------
-describe('Sandbox', function() {
-  it('should execute basic javascript', function() {
-    sb.run('1 + 1', function(output) {
-      output.result.should.eql('2');
-    });
-  });
-  it('should gracefully handle syntax errors', function() {
-    sb.run('hi )there', function(output) {
-      output.result.should.eql("'SyntaxError: Unexpected token )'");
-    });
-  });
-  it('should effectively prevent code from accessing node', function() {
-    sb.run('process.platform', function(output) {
-      output.result.should.eql("'ReferenceError: process is not defined'");
-    });
-  });
-  it('should effectively prevent code from circumventing the sandbox', function() {
-    sb.run("var sys=require('sys'); sys.puts('Up in your fridge')", function(output) {
-      output.result.should.eql("'ReferenceError: require is not defined'");
-    });
-  });
-  it('should timeout on infinite loops', function() {
-    sb.run('while ( true ) {}', function(output) {
-      output.result.should.eql('TimeoutError');
-    });
-  });
-  it('should allow console output via `console.log`', function() {
-    sb.run('console.log(7); 42', function(output) {
-      output.result.should.eql('42');
-      output.console[0].should.eql(7);
-    });
-  });
-  it('should allow console output via `print`', function() {
-    sb.run('print(7); 42', function(output) {
-      output.result.should.eql('42');
-      output.console[0].should.eql(7);
-    });
-  });
-  it('should maintain the order of sync. console output', function() {
-    sb.run('console.log("first"); console.log("second"); 42', function(output) {
-      output.result.should.eql('42');
-      output.console[0].should.eql('first');
-      output.console[1].should.eql('second');
-    });
-  });
-});

package/tmp.js DELETED Viewed

@@ -1,8 +0,0 @@
-var Sandbox = require("./lib/sandbox")
-  , s = new Sandbox()
-// Example 10 - Console Log
-s.run( "var x = 5; console.log(x * x); console.log('pewpew');  x", function( output ) {
-  console.log( "Example 10: " + output.console + "\n" )
-})