Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
browser-module-sandbox
Advanced tools
browser-module-sandbox
uses browserify-cdn to run node code in an iframe
requires a hosted browserify-cdn
npm install browser-module-sandbox
usage
var sandbox = require('browser-module-sandbox')
initialize
sandbox(options)
var sandbox = sandbox({
cdn: 'http://localhost:8000', // browserify-cdn API endpoint, defaults to the current browser domain root,
container: dom element where the iframe should be appended,
iframeHead: string that gets prepended to the `<head>` of the output iframe,
iframeBody: string that gets prepended to the `<body>` of the output iframe,
iframeStyle: string for css, gets appended to end of iframeHead,
iframe: iframe instance, default creates a new one inside container
})
bundling
sandbox.bundle(entry, preferredVersions)
sandbox.bundle('console.log(require("underscore"))', {'underscore': '1.3.3'})
preferredVersions is optional, version will otherwise default to latest
events
sandbox.on('modules', function(modules) {})
modules is the array of modules that gets parsed out of the bundle entry by the detective module
sandbox.on('bundleStart', function() {})
emits when the bundle request begins
sandbox.on('bundleEnd', function(html) {})
emits when the bundle request finishes. html is an object that has the iframe header contents and the full bundle body (made of up all the bundles + the entry in an executable form)
license
BSD
FAQs
uses browserify-cdn to run node code in an iframe
The npm package browser-module-sandbox receives a total of 38 weekly downloads. As such, browser-module-sandbox popularity was classified as not popular.
We found that browser-module-sandbox demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 12 Aug 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025