
How to execute user-submitted JS code (project) securely?

I would like to execute user-submitted JS files safely in my own Node.js application. The user can submit multiple files which can be required and executed by their index.js file which is triggered from my node process.

I have looked into some sandboxing solutions but they either limit the required capabilities or end up breaking the sandbox once a file is "required".

I have looked into vm, vm2, eval etc.

I'd like to restrict access to global variables like process and also restrict access to certain node libraries.

Ayush asked Feb 28 '26 04:02


1 Answer

If packages such as vm2 don't satisfy you, I think nothing in Node.js will satisfy you. One option if you're running on Linux is to use chroot (either using the chroot module or by spawning it with child_process), which would give you full control over the environment the untrusted code is executed in.

liguepk answered Mar 02 '26 17:03


