faraday-cage
Advanced tools
A JavaScript sandboxing library with a focus on extensibility.
npm install faraday-cage
# or
yarn add faraday-cage
# or
pnpm add faraday-cage
import asyncWasmLocation from "@jitl/quickjs-wasmfile-release-asyncify/wasm?url"
import { FaradayCage } from 'faraday-cage';
import { console as consoleModule } from 'faraday-cage/modules';
async function runSandboxedCode() {
// Create a new sandbox instance using Vite's ?url import feature to get the WASM module URL
const cage = await FaradayCage.createFromQJSWasmLocation(asyncWasmLocation);
// Define the code to run
const code = `
console.log('Hello from the sandbox!');
const result = 40 + 2;
console.log('Result:', result);
`;
// Run the code with console module
const result = await cage.runCode(code, [
consoleModule({
onLog(...args) {
console.log(...args)
}
})
]);
if (result.type === "error") {
console.error('Error executing code:', result.err);
}
}
runSandboxedCode();
import asyncWasmLocation from "@jitl/quickjs-wasmfile-release-asyncify/wasm?url"
import { FaradayCage } from 'faraday-cage';
import {
console as consoleModule,
esmModuleLoader,
blobPolyfill
} from 'faraday-cage/modules';
async function loadExternalModule() {
const cage = await FaradayCage.createFromQJSWasmLocation(asyncWasmLocation);
const code = `
// Import an ESM module directly from a CDN
import isEven from "https://esm.sh/is-even"
console.log(isEven(1)) // false
console.log(isEven(2)) // true
`;
await cage.runCode(code, [
blobPolyfill,
esmModuleLoader,
consoleModule({
onLog(...args) {
console.log(...args)
}
})
]);
}
import asyncWasmLocation from "@jitl/quickjs-wasmfile-release-asyncify/wasm?url"
import { FaradayCage } from 'faraday-cage';
import { defineCageModule, defineSandboxFn } from 'faraday-cage/modules';
// Create a custom module to expose functionality to the sandbox
const mathModule = defineCageModule((ctx) => {
// Create a function available in the sandbox
const randomFn = defineSandboxFn(ctx, 'random', () => {
return Math.random();
});
// Add function to global object
const global = ctx.vm.global;
ctx.vm.setProp(global, 'getRandomNumber', randomFn);
});
async function runWithCustomModule() {
const cage = await FaradayCage.createFromQJSWasmLocation(asyncWasmLocation);
const code = `
// Use our custom function
const value = getRandomNumber();
console.log('Random value:', value);
`;
await cage.runCode(code, [mathModule]);
}
Important: Faraday Cage does not include the QuickJS WASM module. You must install and provide it separately:
npm install @jitl/quickjs-wasmfile-release-asyncify
# or
yarn add @jitl/quickjs-wasmfile-release-asyncify
# or
pnpm add @jitl/quickjs-wasmfile-release-asyncify
This design decision was made to support different build pipelines and bundlers properly, allowing you to handle WASM loading in the way that best fits your project setup.
Faraday Cage specifically requires an async-enabled QuickJS WASM module (such as @jitl/quickjs-wasmfile-release-asyncify). The Asyncify transform enables synchronous calls from QuickJS to async host functions, which is essential for Faraday Cage's functionality.
The example below uses Vite's ?url import suffix to get the URL of the QuickJS WASM module, but you can obtain the URL through any method appropriate for your build system:
// Using Vite's import feature to get the URL of the WASM file
import asyncWasmLocation from "@jitl/quickjs-wasmfile-release-asyncify/wasm?url"
// Then pass that URL to the sandbox
const cage = await FaradayCage.createFromQJSWasmLocation(asyncWasmLocation);
FaradayCageThe main class for creating and managing sandboxes.
static async createFromQJSWasmLocation(wasmLocation: string): Promise<FaradayCage>Creates a new sandbox instance from a QuickJS WebAssembly file.
FaradayCage.prototype.runCode(code: string, modules: CageModule[]): Promise<RunCodeResult>Runs the provided code with the specified modules.
RunCodeResultThe result of running code in the sandbox, which is one of:
// Success case
{ type: "ok" }
// Error case
{ type: "error"; err: Error }
Example of handling the result:
const result = await cage.runCode(code, modules);
if (result.type === "error") {
console.error('Error executing code:', result.err);
}
Modules add functionality to the sandbox:
console: Provides console.log and other console methodsblobPolyfill: Adds support for the Blob APIesmModuleLoader: Enables ESM imports from external sourcesMIT
FAQs
A JS sandboxing library with a focus on extensibility
The npm package faraday-cage receives a total of 458 weekly downloads. As such, faraday-cage popularity was classified as not popular.
We found that faraday-cage demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Experts push back on new claims about AI-driven ransomware, warning that hype and sponsored research are distorting how the threat is understood.
Security News
Ruby's creator Matz assumes control of RubyGems and Bundler repositories while former maintainers agree to step back and transfer all rights to end the dispute.
Research
/Security News
Socket researchers found 10 typosquatted npm packages that auto-run on install, show fake CAPTCHAs, fingerprint by IP, and deploy a credential stealer.