Advantages over the native VM module #59
Labels
Comments
|
The vm2 library doesn't fix anything, it uses internal VM as is. The reason to use vm2 is to execute a code and prevent it to access things outside the VM context. |
|
Though would it be the same of just running vm.runInNewContext(code, ctx)
where ctx is a user defined sandbox?
I kind of fail to see how this library would help more than the VM module
already does.
…On Mar 2, 2017 10:38 PM, "Patrik Simek" ***@***.***> wrote:
The vm2 library doesn't fix anything, it uses internal VM as is. The
reason to use vm2 is to execute a code and prevent it to access things
outside the VM context.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#59 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAUC5Lgs0WWq14ps-7u2CMFfCoxISmukks5rhyjdgaJpZM4MRFcW>
.
|
|
You can try it yourself: const vm = require('vm');
vm.runInNewContext('this.constructor.constructor("return process")().exit()');
console.log('Never gets executed.');vs const {VM} = require('vm2');
new VM().run('this.constructor.constructor("return process")().exit()'); |
|
Ouch :( that's nasty! Thanks for updating the readme. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello there :)
Just wanted to know if there are clear advantages using vm2 over node's native VM module -- tried to look for it in the readme but couldnt find anything. I'm using vm on node 7 and was wondering if I should potentially look at vm2 if it fixes / handles specific use-cases.
Cheers!
The text was updated successfully, but these errors were encountered: