-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Advantages over the native VM module #59
Labels
Comments
The vm2 library doesn't fix anything, it uses internal VM as is. The reason to use vm2 is to execute a code and prevent it to access things outside the VM context. |
Though would it be the same of just running vm.runInNewContext(code, ctx)
where ctx is a user defined sandbox?
I kind of fail to see how this library would help more than the VM module
already does.
…On Mar 2, 2017 10:38 PM, "Patrik Simek" ***@***.***> wrote:
The vm2 library doesn't fix anything, it uses internal VM as is. The
reason to use vm2 is to execute a code and prevent it to access things
outside the VM context.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#59 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAUC5Lgs0WWq14ps-7u2CMFfCoxISmukks5rhyjdgaJpZM4MRFcW>
.
|
You can try it yourself: const vm = require('vm');
vm.runInNewContext('this.constructor.constructor("return process")().exit()');
console.log('Never gets executed.'); vs const {VM} = require('vm2');
new VM().run('this.constructor.constructor("return process")().exit()'); |
Ouch :( that's nasty! Thanks for updating the readme. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello there :)
Just wanted to know if there are clear advantages using vm2 over node's native VM module -- tried to look for it in the readme but couldnt find anything. I'm using vm on node 7 and was wondering if I should potentially look at vm2 if it fixes / handles specific use-cases.
Cheers!
The text was updated successfully, but these errors were encountered: