@endo/static-module-record

Shim for the SES StaticModuleRecord and module-to-program transformer

0.6.13
Source
npm

Version published: 3 years ago

Weekly downloads: 1.8K; decreased by-43.23%

Maintainers: 4

Weekly downloads

Created: 4 years ago

Source

StaticModuleRecord

This package provides a shim for the StaticModuleRecord constructor, suitable for use with the SES shim importHook. The static module record accepts a JavaScript module and converts it into a form that SES can use to securely emulate JavaScript modules (ESMs, the mjs file format) with compartments.

import 'ses';
import { StaticModuleRecord } from '@endo/static-module-record`;

const c1 = new Compartment({}, {}, {
  name: "first compartment",
  resolveHook: (moduleSpecifier, moduleReferrer) => {
    return resolve(moduleSpecifier, moduleReferrer);
  },
  importHook: async moduleSpecifier => {
    const moduleLocation = locate(moduleSpecifier);
    const moduleText = await retrieve(moduleLocation);
    return new StaticModuleRecord(moduleText, moduleLocation);
  },
});

Bug Disclosure

Please help us practice coordinated security bug disclosure, by using the instructions in SECURITY.md to report security-sensitive bugs privately.

For non-security bugs, please use the regular Issues page.

Keywords

FAQs

What is @endo/static-module-record?

Is @endo/static-module-record popular?

Is @endo/static-module-record well maintained?

Package last updated on 18 Feb 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@endo/static-module-record

StaticModuleRecord

Bug Disclosure

Keywords

Related posts

Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware

Skuld Infostealer Returns to npm with Fake Windows Utilities and Malicious Solara Development Packages