Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is the alternative to Node.js domain module? [closed]

The domain built-in module will be deprecated:

Stability: 0 - Deprecated

This module is pending deprecation. Once a replacement API has been finalized, this module will be fully deprecated. Most end users should not have cause to use this module. Users who absolutely must have the functionality that domains provide may rely on it for the time being but should expect to have to migrate to a different solution in the future.

According to this, they don't really recommend a solution currently. But how to implement a functionality which is similar to the below one:

var d = require('domain').create();
d.on('error', function(err) {
  console.log(err);
});
d.run(function() {
  setTimeout(function () {
     throw new Error("Something went really wrong in async code.");
  }, 1000);
});

So, this handles the errors thrown from async stuff, but the domain module is deprecated.

How to migrate this code to something better?


My use-case is that I'm writing a library which accepts a function as input and it runs the function and displays the result (actually, you can think at it as unit-testing library):

myLib.it("should do something", function (done) {
   setTimeout(function () {
        // Some async code
        // ...
        // But here an error is thrown
        throw new Error("dummy");
   }, 1000);
});

Obviously, I don't want to crash the process in this case but I do want to show a nice error (so basically catching the error in this function).

Currently in the library I do:

var err = null;
try {
   fn(callback);
} catch (e) {
   err = e;
}

console.log(err || "Everything went correctly");
like image 446
Ionică Bizău Avatar asked Nov 29 '15 19:11

Ionică Bizău


People also ask

What is domain in node JS?

Node. js domain module is used to intercept unhandled error. These unhandled error can be intercepted using internal binding or external binding. If errors are not handled at all, then they will simply crash the Node application. Internal Binding − Error emitter is executing its code within the run method of a domain.

How do I point a domain to a node js server?

You need to make your name server point to the ip. Your name server will usually be the company you bought the domain name through, for instance GoDaddy is a Domain Name Server (DNS). So if you had a domain name with them, you would go on their site under DNS settings and change the ip adress.

Why you shouldn't use node JS?

js may be excessive, as its powerful features will be simply wasted. Server-side web applications with relational databases. The reason for Node. js poor performance in this case is that its relational database tools are not as advanced as those created for other platforms.


2 Answers

Since you're real problem here is apparently how to protect your server from user-supplied code, you will need to get the user supplied code out of your main process and in a sandboxed environment that cannot do bad things to your server or server's file system. I'd suggest you start with the vm module, but even then there is plenty to read about how to protect your system.

You may also be interested in the vm2 module which adds some additional safety features on top of the vm module.

Some related articles:

Safely sandbox and execute user submitted JavaScript?

How to run user-submitted scripts securely in a node.js sandbox?

A Nifty Javascript Sandbox for Node.js

Node.js Virtual Machine (vm) Usage

Using Docker to Sandbox Untrusted Node JS Code


If you're just trying to catch errors in any code that has been supplied to you by a developer, pretty much all you can do is to put try/catch around anything you call from the outside world.

If the 3rd party code has errors in async code, those will not bubble up to any top level so there's nothing you can do about those. You also can't prevent this 3rd party code from leaking resources (like file handles, memory, etc...).

Basically, if you're going to run the 3rd party code in your process, you need to trust that it's good code, is well written, doesn't leak, handles its own errors and doesn't try to do malicious things. If you can't trust all those things, then it should be run out of process in a sandbox where you at least have a few more protections.

like image 135
jfriend00 Avatar answered Nov 10 '22 17:11

jfriend00


From all I understand there is no drop-in replacement for domain. Also there are two major efforts to replace it's functionalities:

  • AsyncWrap, which keeps track of context, but isn't exposed directly to userland
  • increase debuggability, through v8 and Chrome Dev Tools, see here

Apart from that using vm sounds suiting for your case.

like image 27
eljefedelrodeodeljefe Avatar answered Nov 10 '22 15:11

eljefedelrodeodeljefe