Secure EcmaScript (SES) is a frozen environment for running EcmaScript
(Javascript) 'strict' mode programs with no ambient authority in their global
scope, and with the addition of a safe two-argument evaluator
(SES.confine(code, endowments)). By freezing everything accessible from the
global scope, it removes programs abilities to interfere with each other, and
thus enables isolated evaluation of arbitrary code.
It runs atop an ES6-compliant platform, enabling safe interaction of mutually-suspicious code, using object-capability -style programming.
See https://github.com/Agoric/Jessie to see how SES fits into the various flavors of confined EcmaScript execution. And visit https://rawgit.com/Agoric/ses-shim/master/demo/ for a demo.
Derived from the Caja project, https://github.com/google/caja/wiki/SES.
Still under development: do not use for production systems yet, there are known security holes that need to be closed.
npm install ses
This example locks down the current realm, turning it into a starting
compartment.
Within a compartment, there is a Compartment constructor that conveys
"endownments" into the new compartment's global scope, and a harden method
that that object and any object reachable from its surface.
The compartment can import modules and evaluate programs.
import {lockdown} from "ses";
lockdown();
const c = new Compartment({
print: harden(console.log),
});
c.evaluate(`
print("Hello! Hello?");
`);
The new compartment has a different global object than the start compartment. The global object is initially mutable. Locking down the start compartment hardened many of the intrinsics in global scope. After lockdown, no compartment can tamper with these intrinsics. Many of these intrinsics are identical in the new compartment.
const c = new Compartment();
c.global === global; // false
c.global.JSON === JSON; // true
The property holds among any other compartments. Each has a unique, initially mutable, global object. Many intrinsics are shared.
const c1 = new Compartment();
const c2 = new Compartment();
c1.global === c2.global; // false
c1.global.JSON === c2.global.JSON; // true
Please help us practice coordinated security bug disclosure, by using the instructions in SECURITY.md to report security-sensitive bugs privately.
For non-security bugs, please use the regular Issues page.
FAQs
Hardened JavaScript for Fearless Cooperation
We found that ses demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.