🚀 Big News:Socket Has Acquired Secure Annex.Learn More →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@sebastianwessel/quickjs

Package Overview
Dependencies
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@sebastianwessel/quickjs

A typescript package to execute JavaScript and TypeScript code in a WebAssembly QuickJS sandbox

latest
Source
npmnpm
Version
3.0.1
Version published
Weekly downloads
12K
-29.03%
Maintainers
1
Weekly downloads
 
Created
Source

QuickJS - Execute JavaScript and TypeScript in a WebAssembly QuickJS Sandbox

This TypeScript package allows you to safely execute JavaScript AND TypeScript code within a WebAssembly sandbox using the QuickJS engine. Perfect for isolating and running untrusted code securely, it leverages the lightweight and fast QuickJS engine compiled to WebAssembly, providing a robust environment for code execution.

View the full documentation | Find examples in the repository | Online Playground

Features

  • Security: Run untrusted JavaScript and TypeScript code in a safe, isolated environment.
  • Basic Node.js modules: Provides basic standard Node.js module support for common use cases.
  • File System: Can mount a virtual file system.
  • Custom Node Modules: Custom node modules are mountable.
  • Fetch Client: Can provide a fetch client to make http(s) calls.
  • Test-Runner: Includes a test runner and chai based expect.
  • Performance: Benefit from the lightweight and efficient QuickJS engine.
  • Versatility: Easily integrate with existing TypeScript projects.
  • Simplicity: User-friendly API for executing and managing JavaScript and TypeScript code in the sandbox.

Basic Usage

Here's a simple example of how to use the package:

import variant from "@jitl/quickjs-ng-wasmfile-release-sync";
import { type SandboxOptions, loadQuickJs } from "@sebastianwessel/quickjs";

// General setup like loading and init of the QuickJS wasm
// It is a ressource intensive job and should be done only once if possible
const { runSandboxed } = await loadQuickJs(variant);

const options: SandboxOptions = {
  allowFetch: true, // inject fetch and allow the code to fetch data
  allowFs: true, // mount a virtual file system and provide node:fs module
  env: {
    MY_ENV_VAR: "env var value",
  },
};

const code = `
import { join } from 'path'

const fn = async ()=>{
  console.log(join('src','dist')) // logs "src/dist" on host system

  console.log(env.MY_ENV_VAR) // logs "env var value" on host system

  const url = new URL('https://example.com')

  const f = await fetch(url)

  return f.text()
}

export default await fn()
`;

const result = await runSandboxed(
  async ({ evalCode }) => evalCode(code),
  options,
);

console.log(result); // { ok: true, data: '<!doctype html>\n<html>\n[....]</html>\n' }

View the full documentation

Find examples in the repository

Credits

This lib is based on:

Tools used:

License

This project is licensed under the MIT License.

This package is ideal for developers looking to execute JavaScript code securely within a TypeScript application, ensuring both performance and safety with the QuickJS WebAssembly sandbox.

Keywords

typescript
quickjs
runtime
wasm
webassembly
bun

FAQs

Package last updated on 13 Feb 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

Security News

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.

By Wenxin Jiang, Marvin Fleischer, Jonah Ghebremichael  -  May 08, 2026