Security News
PyPI Introduces Digital Attestations to Strengthen Python Package Security
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
@bonniernews/wichita
Advanced tools
Run your es6 modules in a sandbox with the experimental vm.SourceTextModule
.
The following node options are required to run this module
--experimental-vm-modules --no-warnings
If running tests with mocha you have a couple of alternatives:
// .mocharc.js
module.exports = {
"node-options": ["experimental-vm-modules", "no-warnings"],
}
NODE_OPTIONS="--experimental-vm-modules --no-warnings" mocha -R dot
Wichita takes one required argument:
sourcePath
: required script path, relative from calling fileoptions
: optional vm context options, passed to vm.createContext
moduleRoute
: route that will be used when importing modules (optional)fileCache
: optional Map, file content cacheand returns an api:
path
: absolute path to filecaller
: absolute path to calling filerun(sandbox)
: run es6 module
sandbox
: required object that will be contextified and used as global contextexports(sandbox)
: expose module export functions
sandbox
: required objectexecute(sandbox, fn)
: execute function
sandbox
: required objectfn
: function that returns module as argument, fn(es6module)
Run script:
const source = new Script("./resources/main");
await source.run({
setTimeout() {},
console,
window: {},
})
Exports:
const source = new Script("./resources/lib/module");
const {default: defaultExport, justReturn} = await source.exports({
setTimeout() {},
console,
window: {},
}
defaultExport(1);
justReturn(2);
Execute:
const source = new Script("./resources/lib/module");
await source.execute({
setTimeout() {},
console,
window: {},
}, (module) => {
module.default(1);
module.justReturn(2);
})
"use strict";
const Script = require("@bonniernews/wichita");
const assert = require("assert");
describe("script", () => {
it("executes scripts in passed context", async () => {
const source = new Script("./resources/main");
const context = {
window: {
root: true,
},
};
await source.run(context);
assert.ok(context.window.broker);
assert.ok(context.window.setByModule);
assert.equal(context.window.count, 1);
assert.ok(context.window.setByQueue);
});
it("and again", async () => {
const source = new Script("./resources/main");
const context = {
window: {
root: true,
count: 2,
},
};
await source.run(context);
assert.ok(context.window.broker);
assert.ok(context.window.setByModule);
assert.equal(context.window.count, 3);
assert.ok(context.window.setByQueue);
});
it("get module exports", async () => {
const source = new Script("./resources/lib/module");
const context = {
window: {
root: true,
},
console,
};
const {justReturn} = await source.exports(context);
assert.equal(justReturn(1), 1);
});
it("execute module function", async () => {
const source = new Script("./resources/lib/module");
const context = {
window: {
root: true,
},
console,
};
let called;
await source.execute(context, (module) => {
called = true;
assert.equal(module.justReturn(1), 1);
});
assert.ok(called);
});
});
JSON file import are imported as default:
import data from "./resources/assets/data.json";
is exported as:
export default { content_of_data_json: true };
FAQs
Run your es6 modules with imports/exports in a vm sandbox
We found that @bonniernews/wichita demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.