Secure EcmaScript (SES) is a frozen environment for running EcmaScript
(Javascript) 'strict' mode programs with no ambient authority in their global
scope, and with the addition of a safe two-argument evaluator
(SES.confine(code, endowments)). By freezing everything accessible from the
global scope, it removes programs abilities to interfere with each other, and
thus enables isolated evaluation of arbitrary code.
It runs atop an ES6-compliant platform, enabling safe interaction of mutually-suspicious code, using object-capability -style programming.
See https://github.com/Agoric/Jessie to see how SES fits into the various flavors of confined EcmaScript execution. And visit https://rawgit.com/Agoric/ses-shim/master/demo/ for a demo.
Derived from the Caja project, https://github.com/google/caja/wiki/SES.
Still under development: do not use for production systems yet, there are known security holes that need to be closed.
npm install ses
This example locks down the current realm, turning it into a starting
compartment.
Within a compartment, there is a Compartment constructor that conveys
"endownments" into the new compartment's global scope, and a harden method
that that object and any object reachable from its surface.
The compartment can import modules and evaluate programs.
import {lockdown} from "ses";
lockdown();
const c = new Compartment({
print: harden(console.log),
});
c.evaluate(`
print("Hello! Hello?");
`);
The new compartment has a different global object than the start compartment. The global object is initially mutable. Locking down the start compartment hardened many of the intrinsics in global scope. After lockdown, no compartment can tamper with these intrinsics. Many of these intrinsics are identical in the new compartment.
const c = new Compartment();
c.global === global; // false
c.global.JSON === JSON; // true
The property holds among any other compartments. Each has a unique, initially mutable, global object. Many intrinsics are shared.
const c1 = new Compartment();
const c2 = new Compartment();
c1.global === c2.global; // false
c1.global.JSON === c2.global.JSON; // true
Please help us practice coordinated security bug disclosure, by using the instructions in SECURITY.md to report security-sensitive bugs privately.
For non-security bugs, please use the regular Issues page.
FAQs
Hardened JavaScript for Fearless Cooperation
The npm package ses receives a total of 28,658 weekly downloads. As such, ses popularity was classified as popular.
We found that ses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
A developer is accusing Tencent of violating the GPL by modifying a Python utility and changing its license to BSD, highlighting the importance of copyleft compliance.
Security News
In an open letter, JavaScript community leaders urge Oracle to give up the JavaScript trademark, arguing that it has been effectively abandoned through nonuse.
Security News
The initial version of the Socket Python SDK is now on PyPI, enabling developers to more easily interact with the Socket REST API in Python projects.