Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Continuum is a JavaScript virtual machine built in JavaScript. It assembles bytecode from sourcecode and executes it in an ES6 runtime environment. The code of the VM is written in ES3, which means it can run in browsers as old as IE6 (though currently it's only regularly tested in IE8+ and there's probably some kinks to work out in older IE's).
ES6 is an incomplete and still changing draft
Continuum should work in every modern engine, but has not been tested.
Currently known to work in:
Usually works in but sometimes doesn't (the debugger interface doesn't work, but the engine can):
In the browser, use the combined continuum.js or continuum.min.js. In Node.js:
npm install continuum
In the browser an object named continuum
is added to the window, or in node continuum
is the object returned by require('continuum')
.
Basic usage of continuum is can be treated like using eval
in an iframe or Node.js's vm.runInContext
. In ES6 a "Realm" is basically the container for a global context. A Realm has a 'global' property (which is its global object), and a number of properties that are specific to each Realm instance, such as the set of intrinsic builtin objects like Array
, Function
, Object
, etc.
var realm = continuum.createRealm();
var $array = realm.evaluate('[5, 10, 15, 20]');
// you can use the ES internal functions to directly interact with objects
console.log($array.Get(0)) // 5
console.log($array.Get('map')) // $Function object
// these two lines have the same result
var $Function = realm.evaluate('Function');
var $Function = realm.global.Get('Function');
// like eval, code starts out executing in global scope
realm.evaluate('var x = 500');
console.log(realm.evaluate('x')); // 500
// if your code uses the module system then it must be run asynchronously
realm.evaluateAsync('module F = "@function"; F', function(result){
console.log(result) // $Module { Function, call, apply, bind }
});
module std = '@std'
or import call from '@function'
FAQs
A JavaScript (ES6) bytecode virtual machine written in JavaScript
We found that continuum demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.