What is the alternative to Node.js domain module? [closed]

Question

The domain built-in module will be deprecated:

Stability: 0 - Deprecated

This module is pending deprecation. Once a replacement API has been finalized, this module will be fully deprecated. Most end users should not have cause to use this module. Users who absolutely must have the functionality that domains provide may rely on it for the time being but should expect to have to migrate to a different solution in the future.

According to this, they don't really recommend a solution currently. But how to implement a functionality which is similar to the below one:

var d = require('domain').create();
d.on('error', function(err) {
  console.log(err);
});
d.run(function() {
  setTimeout(function () {
     throw new Error("Something went really wrong in async code.");
  }, 1000);
});

So, this handles the errors thrown from async stuff, but the domain module is deprecated.

How to migrate this code to something better?

---

My use-case is that I'm writing a library which accepts a function as input and it runs the function and displays the result (actually, you can think at it as unit-testing library):

myLib.it("should do something", function (done) {
   setTimeout(function () {
        // Some async code
        // ...
        // But here an error is thrown
        throw new Error("dummy");
   }, 1000);
});

Obviously, I don't want to crash the process in this case but I do want to show a nice error (so basically catching the error in this function).

Currently in the library I do:

var err = null;
try {
   fn(callback);
} catch (e) {
   err = e;
}

console.log(err || "Everything went correctly");

Answer 1

Since you're real problem here is apparently how to protect your server from user-supplied code, you will need to get the user supplied code out of your main process and in a sandboxed environment that cannot do bad things to your server or server's file system. I'd suggest you start with the vm module, but even then there is plenty to read about how to protect your system.

You may also be interested in the vm2 module which adds some additional safety features on top of the vm module.

Some related articles:

Safely sandbox and execute user submitted JavaScript?

How to run user-submitted scripts securely in a node.js sandbox?

A Nifty Javascript Sandbox for Node.js

Node.js Virtual Machine (vm) Usage

Using Docker to Sandbox Untrusted Node JS Code

---

If you're just trying to catch errors in any code that has been supplied to you by a developer, pretty much all you can do is to put try/catch around anything you call from the outside world.

If the 3rd party code has errors in async code, those will not bubble up to any top level so there's nothing you can do about those. You also can't prevent this 3rd party code from leaking resources (like file handles, memory, etc...).

Basically, if you're going to run the 3rd party code in your process, you need to trust that it's good code, is well written, doesn't leak, handles its own errors and doesn't try to do malicious things. If you can't trust all those things, then it should be run out of process in a sandbox where you at least have a few more protections.

Answer 2

From all I understand there is no drop-in replacement for domain. Also there are two major efforts to replace it's functionalities:

• AsyncWrap, which keeps track of context, but isn't exposed directly to userland
• increase debuggability, through v8 and Chrome Dev Tools, see here

Apart from that using vm sounds suiting for your case.