NodeJS Memory Leak when using VM to execute untrusted code

Question

I am using the NodeJS VM Module to run untrusted code safely. I have noticed a huge memory leak that takes about 10M of memory on each execution and does not release it. Eventually, my node process ends up using 500M+ of memory. After some digging, I traced the problem to the constant creation of VMs. To test my theory, I commented out the code that creates the VMs. Sure enough, the memory usage dropped dramatically. I then uncommented the code again and placed global.gc() calls strategically around the problem areas and ran node with the--expose-gc flag. This reduced my memory usage dramatically and retained the functionality.

Is there a better way of cleaning up VMs after I am done using it?

My next approach is the cache the vm containing the given unsafe code and reusing it if it I see the unsafe code again (Background:I am letting users write their own parsing function for blocks of text, thus, the unsafe code be executed frequently or executed once and never seen again).

Some reference code.

  async.each(items,function(i,cb){
            // Initialize context...
            var context = vm.createContext(init);

            // Execute untrusted code
            var captured = vm.runInContext(parse, context);

            // This dramatically improves the usage, but isn't 
            //   part of the standard API
            // global.gc();

            // Return Result via a callback
            cb(null,captured);
     });

Answer 1

When I see this right this was fixed in v5.9.0, see this PR. It appears that in those cases both node core maintainer nor programmers can do much - that we pretty much have to wait for a upstream fix in v8.

So no, you can't do anything more about it. Catching this bug was good though!