[![npm version](https://badgen.now.sh/npm/v/isolated-vm)](https://www.npmjs.com/package/isolated-vm)
[![isc license](https://badgen.now.sh/npm/license/isolated-vm)](https://github.com/laverdet/isolated-vm/blob/main/LICENSE)
[![travis build](https://badgen.now.sh/travis/laverdet/isolated-vm/main)](https://app.travis-ci.com/github/laverdet/isolated-vm)
[![npm downloads](https://badgen.now.sh/npm/dm/isolated-vm)](https://www.npmjs.com/package/isolated-vm)
isolated-vm -- Access to multiple isolates in nodejs
====================================================
[![NPM](https://nodei.co/npm/isolated-vm.png)](https://www.npmjs.com/package/isolated-vm)
`isolated-vm` is a library for nodejs which gives you access to v8's `Isolate` interface. This
allows you to create JavaScript environments which are completely *isolated* from each other. This
can be a powerful tool to run code in a fresh JavaScript environment completely free of extraneous
capabilities provided by the nodejs runtime.
* [Requirements](#requirements)
* [Who Is Using isolated-vm](#who-is-using-isolated-vm)
* [Security](#security)
* [API Documentation](#api-documentation)
* [Isolate](#class-isolate-transferable)
* [Context](#class-context-transferable)
* [Script](#class-script-transferable)
* [Module](#class-module-transferable)
* [Callback](#class-callback-transferable)
* [Reference](#class-reference-transferable)
* [ExternalCopy](#class-externalcopy-transferable)
* [Examples](#examples)
* [Alternatives](#alternatives)
REQUIREMENTS
------------
This project requires nodejs version 10.4.0 (or later).
Furthermore, to install this module you will need a compiler installed. If you run into errors while
running `npm install isolated-vm` it is likely you don't have a compiler set up, or your compiler is
too old.
* Windows + OS X users should follow the instructions here: [node-gyp](https://github.com/nodejs/node-gyp)
* Ubuntu users should run: `sudo apt-get install python g++ build-essential`
* Alpine users should run: `sudo apk add python make g++`
* Amazon Linux AMI users should run: `sudo yum install gcc72 gcc72-c++`
* Arch Linux users should run: `sudo pacman -S make gcc python`
WHO IS USING ISOLATED-VM
------------------------
* [Screeps](https://screeps.com/) - Screeps is an online JavaScript-based MMO+RPG game. They are
using isolated-vm to run arbitrary player-supplied code in secure environments which can persistent
for several days at a time.
* [Fly](https://fly.io/) - Fly is a programmable CDN which hosts dynamic endpoints as opposed to
just static resources. They are using isolated-vm to run globally distributed applications, where
each application may have wildly different traffic patterns.
* [Algolia](https://www.algolia.com) - Algolia is a Search as a Service provider. They use
`isolated-vm` to power their [Custom Crawler](https://www.algolia.com/products/crawler/) product,
which allows them to safely execute user-provided code for content extraction.
* [Tripadvisor](https://www.tripadvisor.com) - Tripadvisor is the world’s largest travel platform.
They use `isolated-vm` to server-side render thousands of React pages per second.
SECURITY
--------
Running untrusted code is an extraordinarily difficult problem which must be approached with great
care. Use of `isolated-vm` to run untrusted code does not automatically make your application safe.
Through carelessness or misuse of the library it can be possible to leak sensitive data or grant
undesired privileges to an isolate.
At a minimum you should take care not to leak any instances of `isolated-vm` objects (`Reference`,
`ExternalCopy`, etc) to untrusted code. It is usually trivial for an attacker to use these instances
as a springboard back into the nodejs isolate which will yield complete control over a process.
Additionally, it is wise to keep nodejs up to date through point releases which affect v8. You can
find these on the [nodejs changelog](https://github.com/nodejs/node/blob/master/CHANGELOG.md) by
looking for entries such as "update V8 to 9.1.269.36 (Michaël Zasso) #38273". Historically there
have usually been 3-5 of these updates within a single nodejs LTS release cycle. It is *not*
recommended to use odd-numbered nodejs releases since these frequently break ABI and API
compatibility and isolated-vm doesn't aim to be compatible with bleeding edge v8.
Against potentially hostile code you should also consider turning on [v8 untrusted code
mitigations](https://v8.dev/docs/untrusted-code-mitigations), which helps address the class of
speculative execution attacks known as Spectre and Meltdown. You can enable this feature by running
`node` with the `--untrusted-code-mitigations` flag. This feature comes with a slight performance
cost and must be enabled per-process, therefore nodejs disables it by default.
v8 is a relatively robust runtime, but there are always new and exciting ways to crash, hang,
exploit, or otherwise disrupt a process with plain old JavaScript. Your application must be
resilient to these kinds of issues and attacks. It's a good idea to keep instances of `isolated-vm`
in a different nodejs process than other critical infrastructure.
If [advanced persistent threats](https://en.wikipedia.org/wiki/Advanced_persistent_threat) are
within your threat model it's a very good idea to architect your application using a foundation
similar to Chromium's [site
isolation](https://www.chromium.org/Home/chromium-security/site-isolation). You'll also need to make
sure to keep your system kernel up to date against [local privilege
escalation](https://en.wikipedia.org/wiki/Privilege_escalation) attacks. Running your service in a
container such as a Docker may be a good idea but it is important to research container escape
attacks as well.
API DOCUMENTATION
-----------------
Since isolates share no resources with each other, most of this API is built to provide primitives
which make marshalling data between many isolates quick and easy. The only way to pass data from one
isolate to another is to first make that data *transferable*. Primitives (except for `Symbol`) are
always transferable. This means if you invoke a function in a different isolate with a number or
string as the argument, it will work fine. If you need to pass more complex information you will
have to first make the data transferable with one of the methods here.
Most methods will provide both a synchronous and an asynchronous version. Calling the synchronous
functions will block your thread while the method runs and eventually returns a value. The
asynchronous functions will return a
[Promise](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Promise)
while the work runs in a separate thread pool.
There are some rules about which functions may be called from certain contexts:
1. Asynchronous functions may be called at any time
2. Synchronous functions usually may not be called from an asynchronous function
3. You may call a synchronous function from an asynchronous function as long as that function
belongs to current isolate
4. You may call a synchronous function belonging to the default nodejs isolate at any time
Additionally, some methods will provide an "ignored" version which runs asynchronously but returns
no promise. This can be a good option when the calling isolate would ignore the promise anyway,
since the ignored versions can skip an extra thread synchronization. Just be careful because this
swallows any thrown exceptions which might make problems hard to track down.
It's also worth noting that all asynchronous invocations will run in the order they were queued,
regardless of whether or not you wait on them. So, for instance, you could call several "ignored"
methods in a row and then `await` on a final async method to observe some side-effect of the
ignored methods.
### Class: `Isolate` *[transferable]*
This is the main reference to an isolate. Every handle to an isolate is transfera
没有合适的资源?快使用搜索试试~ 我知道了~
isolated-vm
共179个文件
js:76个
h:55个
cc:30个
需积分: 2 0 下载量 7 浏览量
2023-07-23
16:42:51
上传
评论
收藏 550KB ZIP 举报
温馨提示
isolated-vm
资源推荐
资源详情
资源评论
收起资源包目录
isolated-vm (179个子文件)
isolate_handle.cc 22KB
reference_handle.cc 21KB
environment.cc 19KB
module_handle.cc 17KB
external_copy.cc 17KB
three_phase_task.cc 12KB
transferable.cc 8KB
context_handle.cc 8KB
cpu_profile_manager.cc 7KB
stack_trace.cc 7KB
timer.cc 6KB
inspector.cc 6KB
executor.cc 5KB
session_handle.cc 5KB
scheduler.cc 5KB
callback.cc 5KB
allocator_nortti.cc 5KB
isolate.cc 5KB
external_copy_handle.cc 4KB
string.cc 4KB
evaluation.cc 4KB
native_module_handle.cc 4KB
script_handle.cc 3KB
thread_pool.cc 3KB
lib_handle.cc 3KB
serializer.cc 2KB
example.cc 2KB
serializer_nortti.cc 2KB
holder.cc 2KB
platform_delegate.cc 664B
.clang-tidy 921B
binding.gyp 3KB
binding.gyp 436B
nodejs_v18.3.0.h 13KB
nodejs_v18.0.0.h 13KB
nodejs_v16.11.0.h 12KB
nodejs_v16.0.0.h 12KB
environment.h 12KB
class_handle.h 11KB
handle_cast.h 10KB
callbacks.h 10KB
run_with_timeout.h 5KB
executor.h 5KB
extract_params.h 5KB
remote_handle.h 5KB
lockable.h 5KB
scheduler.h 5KB
serializer.h 5KB
three_phase_task.h 4KB
error.h 4KB
strings.h 4KB
external_copy.h 4KB
evaluation.h 4KB
array.h 4KB
functor_runners.h 3KB
reference_handle.h 3KB
cpu_profile_manager.h 2KB
inspector.h 2KB
suspend.h 2KB
module_handle.h 2KB
external_copy_handle.h 2KB
external.h 2KB
isolate_handle.h 2KB
holder.h 2KB
platform_delegate.h 2KB
isolated_vm.h 2KB
read_option.h 2KB
callback.h 2KB
native_module_handle.h 1KB
covariant.h 1KB
transferable.h 1KB
util.h 1KB
timer.h 1KB
thread_pool.h 1KB
context_handle.h 1010B
stack_trace.h 981B
script_handle.h 971B
allocator.h 945B
string.h 933B
session_handle.h 930B
runnable.h 848B
error.h 832B
lib_handle.h 697B
specific.h 678B
v8_version.h 530B
v8_inspector_wrapper.h 399B
transferable.h 317B
node_wrapper.h 312B
module-basic.js 7KB
exception-info.js 5KB
external-copy-strings.js 4KB
cpu-profiler.js 3KB
array-buffer-copy.js 3KB
reference.js 3KB
transfer-options.js 2KB
cached-data.js 2KB
cpu-wall-timer.js 2KB
async-rentry.js 2KB
shared-array-buffer.js 2KB
demo.js 2KB
共 179 条
- 1
- 2
资源评论
薛定谔--猫Cat
- 粉丝: 0
- 资源: 4
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
最新资源
- HITK0203MP-VB一款N-Channel沟道SOT23的MOSFET晶体管参数介绍与应用说明
- HITK0202MP-VB一款N-Channel沟道SOT23的MOSFET晶体管参数介绍与应用说
- 电子电气工程师使用的单位和符号
- HITK0201MP-VB一款N-Channel沟道SOT23的MOSFET晶体管参数介绍与应用说明
- MyBatis动态SQL:构建灵活查询的利器.md
- HITJ0303MP-VB一款P-Channel沟道SOT23的MOSFET晶体管参数介绍与应用说明
- tesseract安装包
- 1_32陀螺仪舵机.zip
- HITJ0302MP-VB一款P-Channel沟道SOT23的MOSFET晶体管参数介绍与应用说明
- XILINXFPGA源码PCIExpress标准概述
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功