@locker/sandbox - npm Package Compare versions

Comparing version 0.12.2 to 0.12.3

types/index.d.ts.map

13

package.json
{
"name": "@locker/sandbox",
"version": "0.12.2",
"version": "0.12.3",
"license": "Salesforce Developer Agreement",

@@ -11,3 +11,3 @@ "author": "Salesforce UI Security Team",

"scripts": {
"build": "tsc --emitDeclarationOnly && rollup -c .rolluprc.cjs",
"build": "tsc --project tsconfig.types.json && rollup --config .rolluprc.cjs",
"clean": "locker-trash dist/ types/"

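Review bot: The `build` script now depends on `tsconfig.types.json` for what `--emitDeclarationOnly` used to state on the command line, and that file is not part of the visible diff. Confirm it sets `emitDeclarationOnly` and writes to the `types/` directory that `clean` removes; without that option `tsc` emits JavaScript in addition to the rollup output.
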
@@ -24,9 +24,6 @@ },

"@caridy/sjs": "0.3.4",
"@locker/distortion": "0.12.2",
"@locker/shared": "0.12.2"
"@locker/distortion": "0.12.3",
"@locker/shared": "0.12.3"
},
"devDependencies": {
"typescript": "3.8.3"
},
"gitHead": "738fe1b33d349d389394370359044c1d5ee968c4"
"gitHead": "04a89b8ef9516c8ebc5f38a1bb2d93b04deba348"
}
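
Review bot: The `devDependencies` block with `"typescript": "3.8.3"` is removed in this hunk, yet the `build` script in the same package.json still invokes `tsc`. Confirm the compiler is resolved from a workspace root and pinned there to an exact version, as it was here, so that a build of this package on its own neither fails nor picks up an unpinned compiler.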

@@ -13,21 +13,38 @@ # @locker/sandbox

<!-- eslint-disable import/no-extraneous-dependencies, no-unused-vars, prettier/prettier -->
The `evaluateInSandbox()` function:
<!-- eslint-disable import/no-extraneous-dependencies, no-console, no-undef, no-unused-vars, prettier/prettier -->
```js
import { evaluateInSandbox } from '@locker/sandbox';
function sandboxFunction(namespace, func) {
let out;
evaluateInSandbox(
namespace,
`$lockerEvalContext$(${func.toString()})`,
def => {
out = def;
let sandboxed;
// Evaluate source text in a sandbox using
// `evaluateInSandbox(key, sourceText, context, endowments)`. The function has
// no return value.
evaluateInSandbox(
// The key of the sandbox to evaluate source text in. One sandbox is created
// per key regardless of the number of calls to `evaluateInSandbox()`.
'sandbox',
// The source text to evaluate in the sandbox.
`$lockerEvalContext$(${
// Function body to coerce to a string. Using a function and coercing
// it to a string has the benefit of working with minifiers.
function() {
// Call to a provided endowment value.
logger('inside sandbox');
// Other code to sandbox...
}
);
return out;
}
const sandboxed = sandboxFunction('ns1', function() {
// Put code here...
});
})`,
// The value of the optional sandbox context binding `$lockerEvalContext$`
// that may be used to initialize sandboxed code. The binding can be an object,
// function, or anything else. The `$lockerEvalContext$` binding can only be
// accessed a once per sandbox evaluation and is set to `undefined` after
// the synchronous sandbox evaluation.
def => {
sandboxed = def;
},
// The optional endowments object whose property descriptors are used to
// define properties on the sandboxed global object. Behind the scenes the
// `$lockerEvalContext$` is defined using the same endowments feature.
{ logger: console.log.bind(console) }
);
```
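
Review bot: The endowments comment at the end of the new example says the property descriptors are defined on the sandboxed global object but does not spell out the consequence for callers: every endowment, such as the `logger` bound to `console.log`, is reachable by the sandboxed code. Add a sentence telling callers to pass only what that code needs. The example also passes the string `'sandbox'` as the key while types/index.d.ts now declares the first parameter as `SandboxKey`, so the README should state which values are valid keys. In the `$lockerEvalContext$` comment, "accessed a once per sandbox evaluation" should read "accessed once per sandbox evaluation".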

@@ -0,1 +1,2 @@

import { SandboxKey } from '@locker/distortion';
interface EvalContext {

@@ -5,3 +6,4 @@ set?: (name: string | symbol, value: any) => void;

}
export declare function evaluateInSandbox(namespace: string, sourceText: string, context?: EvalContext, endowments?: object): void;
export declare function evaluateInSandbox(key: SandboxKey, sourceText: string, context?: EvalContext, endowments?: object): void;
export {};
//# sourceMappingURL=index.d.ts.map
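
Review bot: The first parameter of `evaluateInSandbox` changes from `namespace: string` to `key: SandboxKey` in a patch release (0.12.2 to 0.12.3), and `SandboxKey` is defined in `@locker/distortion`, outside this diff. If `SandboxKey` does not accept every string, existing TypeScript callers that pass a namespace string stop compiling; document in the declaration what a `SandboxKey` is and call out the signature change in the release notes.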

Sorry, the diff of this file is too big to display

Sorry, the diff of this file is too big to display
