Overview
This is a research comparison of different JavaScript sandboxing solutions, exploring how to safely execute untrusted JavaScript code in Node.js environments. The research was triggered by interest in Node.js worker threads and expanded into a comprehensive analysis of multiple sandboxing approaches.
The Breakdown
- isolated-vm - provides V8 isolates for running JavaScript in completely separate execution contexts with controlled resource limits
- vm2 and quickjs-emscripten/QuickJS-NG - offer different approaches to creating secure JavaScript execution environments with varying levels of isolation
- ShadowRealm proposal - represents a future standard for native JavaScript sandboxing built into the language itself
- Deno Workers - demonstrate how modern runtimes can provide secure by default JavaScript execution with explicit permission models
- Node.js worker threads - enable parallel JavaScript execution that can be leveraged for sandboxing scenarios