@bonniernews/wichita
Advanced tools
Run your es6 modules in a sandbox with the experimental vm.SourceTextModule.
The following node options are required to run this module
--experimental-vm-modules --no-warnings
If running tests with mocha you have a couple of alternatives:
// .mocharc.js
module.exports = {
"node-options": ["experimental-vm-modules", "no-warnings"],
}
NODE_OPTIONS="--experimental-vm-modules --no-warnings" mocha -R dot
Wichita takes one required argument:
sourcePath: required script path, relative from calling fileoptions: optional vm context options, passed to vm.createContext
moduleRoute: route that will be used when importing modules (optional)fileCache: optional Map, file content cacheand returns an api:
path: absolute path to filecaller: absolute path to calling filerun(sandbox): run es6 module
sandbox: required object that will be contextified and used as global contextexports(sandbox): expose module export functions
sandbox: required objectexecute(sandbox, fn): execute function
sandbox: required objectfn: function that returns module as argument, fn(es6module)Run script:
const source = new Script("./resources/main");
await source.run({
setTimeout() {},
console,
window: {},
})
Exports:
const source = new Script("./resources/lib/module");
const {default: defaultExport, justReturn} = await source.exports({
setTimeout() {},
console,
window: {},
}
defaultExport(1);
justReturn(2);
Execute:
const source = new Script("./resources/lib/module");
await source.execute({
setTimeout() {},
console,
window: {},
}, (module) => {
module.default(1);
module.justReturn(2);
})
"use strict";
const Script = require("@bonniernews/wichita");
const assert = require("assert");
describe("script", () => {
it("executes scripts in passed context", async () => {
const source = new Script("./resources/main");
const context = {
window: {
root: true,
},
};
await source.run(context);
assert.ok(context.window.broker);
assert.ok(context.window.setByModule);
assert.equal(context.window.count, 1);
assert.ok(context.window.setByQueue);
});
it("and again", async () => {
const source = new Script("./resources/main");
const context = {
window: {
root: true,
count: 2,
},
};
await source.run(context);
assert.ok(context.window.broker);
assert.ok(context.window.setByModule);
assert.equal(context.window.count, 3);
assert.ok(context.window.setByQueue);
});
it("get module exports", async () => {
const source = new Script("./resources/lib/module");
const context = {
window: {
root: true,
},
console,
};
const {justReturn} = await source.exports(context);
assert.equal(justReturn(1), 1);
});
it("execute module function", async () => {
const source = new Script("./resources/lib/module");
const context = {
window: {
root: true,
},
console,
};
let called;
await source.execute(context, (module) => {
called = true;
assert.equal(module.justReturn(1), 1);
});
assert.ok(called);
});
});
JSON file import are imported as default:
import data from "./resources/assets/data.json";
is exported as:
export default { content_of_data_json: true };
FAQs
Run your es6 modules with imports/exports in a vm sandbox
We found that @bonniernews/wichita demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 8 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.