New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@hapify/vm

Package Overview
Dependencies
Maintainers
2
Versions
10
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@hapify/vm - npm Package Compare versions

Comparing version
0.3.6
 to
1.0.1
+18
CHANGELOG.md
# Changelog
All notable changes to this project will be documented in this file. See
[Conventional Commits](https://conventionalcommits.org) for commit guidelines.
## @hapify/vm [1.0.1](https://github.com/hapify/hapify/compare/@hapify/vm@1.0.0...@hapify/vm@1.0.1) (2021-04-15)
### Bug Fixes
* console accessible ([#12](https://github.com/hapify/hapify/issues/12)) ([68b13fd](https://github.com/hapify/hapify/commit/68b13fdc238bfa0c449f801ff7c0ba323945dfdb))
# @hapify/vm 1.0.0 (2021-04-15)
### Features
* change hapify repo into a monorepo to host all related hapify packages ([#9](https://github.com/hapify/hapify/issues/9)) ([d76feb3](https://github.com/hapify/hapify/commit/d76feb3683a045dad2a38df024c0e2521f64bb23))
+7
dist/errors/EvaluationError.d.ts
export declare class EvaluationError extends Error {
code: number;
name: string;
lineNumber: number;
columnNumber: number;
details: string;
}
+15
dist/errors/EvaluationError.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.EvaluationError = void 0;
class EvaluationError extends Error {
constructor() {
super(...arguments);
this.code = 6002;
this.name = 'VmEvaluationError';
this.lineNumber = null;
this.columnNumber = null;
this.details = null;
}
}
exports.EvaluationError = EvaluationError;
//# sourceMappingURL=EvaluationError.js.map
+1
dist/errors/EvaluationError.js.map
{"version":3,"file":"EvaluationError.js","sourceRoot":"","sources":["../../src/errors/EvaluationError.ts"],"names":[],"mappings":";;;AAAA,MAAa,eAAgB,SAAQ,KAAK;IAA1C;;QACE,SAAI,GAAG,IAAI,CAAC;QAEZ,SAAI,GAAG,mBAAmB,CAAC;QAE3B,eAAU,GAAW,IAAI,CAAC;QAE1B,iBAAY,GAAW,IAAI,CAAC;QAE5B,YAAO,GAAW,IAAI,CAAC;IACzB,CAAC;CAAA;AAVD,0CAUC"}
+4
dist/errors/IntegrityError.d.ts
export declare class IntegrityError extends Error {
code: number;
name: string;
}
+12
dist/errors/IntegrityError.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.IntegrityError = void 0;
class IntegrityError extends Error {
constructor() {
super(...arguments);
this.code = 6004;
this.name = 'VmIntegrityError';
}
}
exports.IntegrityError = IntegrityError;
//# sourceMappingURL=IntegrityError.js.map
+1
dist/errors/IntegrityError.js.map
{"version":3,"file":"IntegrityError.js","sourceRoot":"","sources":["../../src/errors/IntegrityError.ts"],"names":[],"mappings":";;;AAAA,MAAa,cAAe,SAAQ,KAAK;IAAzC;;QACE,SAAI,GAAG,IAAI,CAAC;QAEZ,SAAI,GAAG,kBAAkB,CAAC;IAC5B,CAAC;CAAA;AAJD,wCAIC"}
+4
dist/errors/OutputError.d.ts
export declare class OutputError extends Error {
code: number;
name: string;
}
+12
dist/errors/OutputError.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.OutputError = void 0;
class OutputError extends Error {
constructor() {
super(...arguments);
this.code = 6001;
this.name = 'VmOutputError';
}
}
exports.OutputError = OutputError;
//# sourceMappingURL=OutputError.js.map
+1
dist/errors/OutputError.js.map
{"version":3,"file":"OutputError.js","sourceRoot":"","sources":["../../src/errors/OutputError.ts"],"names":[],"mappings":";;;AAAA,MAAa,WAAY,SAAQ,KAAK;IAAtC;;QACE,SAAI,GAAG,IAAI,CAAC;QAEZ,SAAI,GAAG,eAAe,CAAC;IACzB,CAAC;CAAA;AAJD,kCAIC"}
+4
dist/errors/TimeoutError.d.ts
export declare class TimeoutError extends Error {
code: number;
name: string;
}
+12
dist/errors/TimeoutError.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.TimeoutError = void 0;
class TimeoutError extends Error {
constructor() {
super(...arguments);
this.code = 6003;
this.name = 'VmTimeoutError';
}
}
exports.TimeoutError = TimeoutError;
//# sourceMappingURL=TimeoutError.js.map
+1
dist/errors/TimeoutError.js.map
{"version":3,"file":"TimeoutError.js","sourceRoot":"","sources":["../../src/errors/TimeoutError.ts"],"names":[],"mappings":";;;AAAA,MAAa,YAAa,SAAQ,KAAK;IAAvC;;QACE,SAAI,GAAG,IAAI,CAAC;QAEZ,SAAI,GAAG,gBAAgB,CAAC;IAC1B,CAAC;CAAA;AAJD,oCAIC"}
pack/hapify-vm-1.0.1.tgz

Sorry, the diff of this file is not supported yet

+5
-20
dist/index.d.ts

@@ -0,1 +1,5 @@

import { EvaluationError } from './errors/EvaluationError';
import { IntegrityError } from './errors/IntegrityError';
import { OutputError } from './errors/OutputError';
import { TimeoutError } from './errors/TimeoutError';
interface HapifyVMOptions {

@@ -6,21 +10,3 @@ timeout: number;

}
export declare class OutputError extends Error {
code: number;
name: string;
}
export declare class EvaluationError extends Error {
code: number;
name: string;
lineNumber: number;
columnNumber: number;
details: string;
}
export declare class TimeoutError extends Error {
code: number;
name: string;
}
export declare class IntegrityError extends Error {
code: number;
name: string;
}
export { EvaluationError, IntegrityError, OutputError, TimeoutError };
export declare class HapifyVM {

@@ -44,2 +30,1 @@ /** Default options */

}
export {};
+24
-44
dist/index.js
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.HapifyVM = exports.IntegrityError = exports.TimeoutError = exports.EvaluationError = exports.OutputError = void 0;
exports.HapifyVM = exports.TimeoutError = exports.OutputError = exports.IntegrityError = exports.EvaluationError = void 0;
const vm2_1 = require("vm2");
const EvaluationError_1 = require("./errors/EvaluationError");
Object.defineProperty(exports, "EvaluationError", { enumerable: true, get: function () { return EvaluationError_1.EvaluationError; } });
const IntegrityError_1 = require("./errors/IntegrityError");
Object.defineProperty(exports, "IntegrityError", { enumerable: true, get: function () { return IntegrityError_1.IntegrityError; } });
const OutputError_1 = require("./errors/OutputError");
Object.defineProperty(exports, "OutputError", { enumerable: true, get: function () { return OutputError_1.OutputError; } });
const TimeoutError_1 = require("./errors/TimeoutError");
Object.defineProperty(exports, "TimeoutError", { enumerable: true, get: function () { return TimeoutError_1.TimeoutError; } });
const SECOND = 1000;
class OutputError extends Error {
constructor() {
super(...arguments);
this.code = 6001;
this.name = 'VmOutputError';
}
}
exports.OutputError = OutputError;
class EvaluationError extends Error {
constructor() {
super(...arguments);
this.code = 6002;
this.name = 'VmEvaluationError';
this.lineNumber = null;
this.columnNumber = null;
this.details = null;
}
}
exports.EvaluationError = EvaluationError;
class TimeoutError extends Error {
constructor() {
super(...arguments);
this.code = 6003;
this.name = 'VmTimeoutError';
}
}
exports.TimeoutError = TimeoutError;
class IntegrityError extends Error {
constructor() {
super(...arguments);
this.code = 6004;
this.name = 'VmIntegrityError';
}
}
exports.IntegrityError = IntegrityError;
class HapifyVM {

@@ -50,5 +23,9 @@ /** Constructor */

};
/** Built-in objects to remove from sandbox */
this.forbiddenObjects = {
console: undefined,
};
/** RegEx used to extract error's line & column */
this.stackRegex = /vm\.js:([0-9]+):([0-9]+)/m;
this.options = Object.assign({}, this.defaultOptions, options);
this.options = Object.assign(Object.assign({}, this.defaultOptions), options);
}

@@ -71,14 +48,15 @@ /** Wrap content in auto-executable function */

try {
result = vm.run(wrappedContent);
result = vm.run(wrappedContent, 'vm.js');
}
catch (error) {
// Check error
if (typeof error.message !== 'string' || typeof error.stack !== 'string') {
throw new IntegrityError('Invalid error');
if (typeof error.message !== 'string' ||
typeof error.stack !== 'string') {
throw new IntegrityError_1.IntegrityError('Invalid error');
}
if (error.message.startsWith('Script execution timed out')) {
throw new TimeoutError(error.message);
throw new TimeoutError_1.TimeoutError(error.message);
}
// Parse error
const evalError = new EvaluationError(error.message);
const evalError = new EvaluationError_1.EvaluationError(error.message);
const matches = this.stackRegex.exec(error.stack);

@@ -94,4 +72,6 @@ if (matches) {

}
if (!this.options.allowAnyOutput && typeof result !== 'undefined' && typeof result !== 'string') {
throw new OutputError('Must return a string');
if (!this.options.allowAnyOutput &&
typeof result !== 'undefined' &&
typeof result !== 'string') {
throw new OutputError_1.OutputError('Must return a string');
}

@@ -98,0 +78,0 @@ return result;

+1
-1
dist/index.js.map

@@ -1,1 +0,1 @@

{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6BAAyB;AAEzB,MAAM,MAAM,GAAG,IAAI,CAAC;AAQpB,MAAa,WAAY,SAAQ,KAAK;IAAtC;;QACC,SAAI,GAAG,IAAI,CAAC;QACZ,SAAI,GAAG,eAAe,CAAC;IACxB,CAAC;CAAA;AAHD,kCAGC;AACD,MAAa,eAAgB,SAAQ,KAAK;IAA1C;;QACC,SAAI,GAAG,IAAI,CAAC;QACZ,SAAI,GAAG,mBAAmB,CAAC;QAC3B,eAAU,GAAW,IAAI,CAAC;QAC1B,iBAAY,GAAW,IAAI,CAAC;QAC5B,YAAO,GAAW,IAAI,CAAC;IACxB,CAAC;CAAA;AAND,0CAMC;AACD,MAAa,YAAa,SAAQ,KAAK;IAAvC;;QACC,SAAI,GAAG,IAAI,CAAC;QACZ,SAAI,GAAG,gBAAgB,CAAC;IACzB,CAAC;CAAA;AAHD,oCAGC;AACD,MAAa,cAAe,SAAQ,KAAK;IAAzC;;QACC,SAAI,GAAG,IAAI,CAAC;QACZ,SAAI,GAAG,kBAAkB,CAAC;IAC3B,CAAC;CAAA;AAHD,wCAGC;AAED,MAAa,QAAQ;IAgBpB,kBAAkB;IAClB,YAAY,UAAoC,EAAE;QAhBlD,sBAAsB;QACd,mBAAc,GAAoB;YACzC,OAAO,EAAE,MAAM;YACf,cAAc,EAAE,KAAK;YACrB,IAAI,EAAE,KAAK;SACX,CAAC;QAOF,kDAAkD;QAC1C,eAAU,GAAG,2BAA2B,CAAC;QAIhD,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,IAAI,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;IAED,+CAA+C;IACvC,IAAI,CAAC,OAAe;QAC3B,OAAO,kBAAkB,OAAO,SAAS,CAAC;IAC3C,CAAC;IAED,sBAAsB;IACtB,GAAG,CAAC,OAAe,EAAE,OAA+B;QACnD,IAAI,MAAM,CAAC;QAEX,MAAM,EAAE,GAAG,IAAI,QAAE,CAAC;YACjB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;YAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC;YACtD,QAAQ,EAAE,YAAY;YACtB,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YACvB,IAAI,EAAE,KAAK;SACX,CAAC,CAAC;QACH,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1C,IAAI;YACH,MAAM,GAAG,EAAE,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;SAChC;QAAC,OAAO,KAAK,EAAE;YACf,cAAc;YACd,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE;gBACzE,MAAM,IAAI,cAAc,CAAC,eAAe,CAAC,CAAC;aAC1C;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,4BAA4B,CAAC,EAAE;gBAC3D,MAAM,IAAI,YAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;aACtC;YAED,cAAc;YACd,MAAM,SAAS,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,OAAO,EAAE;gBACZ,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,sBAAsB;gBACjE,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,SAAS,CAAC,OAAO,GAAG,UAAU,SAAS,CAAC,OAAO,WAAW,UAAU,aAAa,YAAY,EAAE,CAAC;gBAChG,SAAS,CAAC,UAAU,GAAG,UAAU,CAAC;gBAClC,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;aACtC;YAED,MAAM,SAAS,CAAC;SAChB;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,MAAM,KAAK,QAAQ,EAAE;YAChG,MAAM,IAAI,WAAW,CAAC,sBAAsB,CAAC,CAAC;SAC9C;QAED,OAAO,MAAM,CAAC;IACf,CAAC;CACD;AAvED,4BAuEC"}
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AAAA,6BAAyB;AAEzB,8DAA2D;AAalD,gGAbA,iCAAe,OAaA;AAZxB,4DAAyD;AAY/B,+FAZjB,+BAAc,OAYiB;AAXxC,sDAAmD;AAWT,4FAXjC,yBAAW,OAWiC;AAVrD,wDAAqD;AAUE,6FAV9C,2BAAY,OAU8C;AARnE,MAAM,MAAM,GAAG,IAAI,CAAC;AAUpB,MAAa,QAAQ;IAmBnB,kBAAkB;IAClB,YAAY,UAAoC,EAAE;QAnBlD,sBAAsB;QACd,mBAAc,GAAoB;YACxC,OAAO,EAAE,MAAM;YACf,cAAc,EAAE,KAAK;YACrB,IAAI,EAAE,KAAK;SACZ,CAAC;QAKF,8CAA8C;QACtC,qBAAgB,GAA2B;YACjD,OAAO,EAAE,SAAS;SACnB,CAAC;QAEF,kDAAkD;QAC1C,eAAU,GAAG,2BAA2B,CAAC;QAI/C,IAAI,CAAC,OAAO,mCAAQ,IAAI,CAAC,cAAc,GAAK,OAAO,CAAE,CAAC;IACxD,CAAC;IAED,+CAA+C;IACvC,IAAI,CAAC,OAAe;QAC1B,OAAO,kBAAkB,OAAO,SAAS,CAAC;IAC5C,CAAC;IAED,sBAAsB;IACtB,GAAG,CAAC,OAAe,EAAE,OAA+B;QAClD,IAAI,MAAM,CAAC;QAEX,MAAM,EAAE,GAAG,IAAI,QAAE,CAAC;YAChB,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO;YAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,gBAAgB,CAAC;YACtD,QAAQ,EAAE,YAAY;YACtB,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI;YACvB,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;QACH,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAE1C,IAAI;YACF,MAAM,GAAG,EAAE,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;SAC1C;QAAC,OAAO,KAAK,EAAE;YACd,cAAc;YACd,IACE,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ;gBACjC,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAC/B;gBACA,MAAM,IAAI,+BAAc,CAAC,eAAe,CAAC,CAAC;aAC3C;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,4BAA4B,CAAC,EAAE;gBAC1D,MAAM,IAAI,2BAAY,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;aACvC;YAED,cAAc;YACd,MAAM,SAAS,GAAG,IAAI,iCAAe,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,OAAO,EAAE;gBACX,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,sBAAsB;gBACjE,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;gBACxC,SAAS,CAAC,OAAO,GAAG,UAAU,SAAS,CAAC,OAAO,WAAW,UAAU,aAAa,YAAY,EAAE,CAAC;gBAChG,SAAS,CAAC,UAAU,GAAG,UAAU,CAAC;gBAClC,SAAS,CAAC,YAAY,GAAG,YAAY,CAAC;aACvC;YAED,MAAM,SAAS,CAAC;SACjB;QAED,IACE,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc;YAC5B,OAAO,MAAM,KAAK,WAAW;YAC7B,OAAO,MAAM,KAAK,QAAQ,EAC1B;YACA,MAAM,IAAI,yBAAW,CAAC,sBAAsB,CAAC,CAAC;SAC/C;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;CACF;AAjFD,4BAiFC"}
+22
-35
package.json
{
"name": "@hapify/vm",
"version": "0.3.6",
"version": "1.0.1",
"description": "Sandbox for JavaScript code",
"keywords": [
"hapify",
"vm"
],
"license": "MIT",
"author": "Edouard Demotes-Mainard <edouard@tractr.net>",
"main": "dist/index.js",
"types": "dist/index.d.ts",
"scripts": {
"update": "npm-check -u",
"build": "rimraf dist && tsc -p .",
"clean": "rimraf dist node_modules coverage .nyc_output",
"prepublishOnly": "npm run build",
"lint": "npm run lint:tsc && npm run lint:prettier && npm run lint:eslint",
"lint:eslint": "eslint \"{src,test}/**/*.{ts,js}\"",
"lint:eslint:fix": "npm run lint:eslint -- --fix",
"lint:fix": "npm run lint:tsc:fix && npm run lint:prettier:fix && npm run lint:eslint:fix",
"lint:prettier": "prettier --check \"{src,test}/**/*.{ts,js}\" ",
"lint:prettier:fix": "prettier --write \"{src,test}/**/*.{ts,js}\"",
"lint:tsc": "tsc --noEmit",
"lint:tsc:fix": "npm run lint:tsc",
"test": "nyc mocha",
"lint": "prettier --write '**/*.ts'",
"build": "rimraf dist && tsc -p ."
"update": "npm-check -u"
},
"repository": {
"type": "git",
"url": "git+ssh://git@github.com:hapify/vm.git"
"dependencies": {
"vm2": "^3.9.2"
},
"keywords": [
"hapify",
"vm"
],
"author": "Edouard Demotes-Mainard <edouard@tractr.net>",
"license": "MIT",
"homepage": "https://github.com/hapify/vm#readme",
"devDependencies": {
"@commitlint/cli": "^11.0.0",
"@commitlint/config-conventional": "^11.0.0",
"@hapi/code": "^8.0.2",
"@types/mocha": "^8.2.0",
"@types/node": "^14.14.22",
"husky": "^4.3.8",
"mocha": "^8.2.1",
"npm-check": "^5.9.2",
"nyc": "^15.1.0",
"prettier": "^2.2.1",
"pretty-quick": "^3.1.0",
"rimraf": "^3.0.2",
"ts-node": "^9.1.1",
"typescript": "^4.1.3"
"mocha": "^8.2.1"
},
"dependencies": {
"vm2": "^3.9.2"
},
"engines": {
"node": ">=9"
},
"husky": {
"hooks": {
"commit-msg": "commitlint -E HUSKY_GIT_PARAMS",
"pre-commit": "pretty-quick --staged --pattern \"**/*.ts\""
}
}
}
+1
-1
README.md

@@ -7,3 +7,3 @@ # Hapify VM

[![Build Status](https://travis-ci.org/hapify/vm.svg?branch=master)](https://travis-ci.org/hapify/vm) [![codecov](https://codecov.io/gh/hapify/vm/branch/master/graph/badge.svg)](https://codecov.io/gh/hapify/vm)
[![Release and Deploy](https://github.com/hapify/hapify/actions/workflows/deploy.yml/badge.svg)](https://github.com/hapify/hapify/actions/workflows/deploy.yml)

@@ -10,0 +10,0 @@ ## Usage