Execute JS code in a new VM context.
The built-in vm module is flexible but slow. Code sometimes runs 200x slower inside a vm context than outside. Vime sacrifices some flexibility in exchange for fast and reliable performance.
The module exports a single function.
const vime = require('vime');
const result = vime('1 + 1');
console.log(result); // Prints "2".
To execute more code in the same vime context, first grab a reference to the global object (or any other object from the context):
const vime = require('vime');
const context = vime('this');
vime('var x = 1', context);
console.log(vime('x + x', context)); // Prints "2".
Exporting functions from the main context is done in similar fashion:
const vime = require('vime');
const context = Object.assign(vime('this'), { console, require });
vime('console.log(require("./package.json"))');
It follows that vime() is not restricted to running JS code in a new
context, you can also execute it in the current context:
const vime = require('vime');
const context = global; // Or any object from this context.
vime('console.log("ok")', context); // Prints "ok".
instanceof checks don't work across contexts because each context gets
its own copy of Object, Array, and other built-ins.
const vime = require('vime');
const array = vime('[]');
console.log(Array.isArray(array)); // Prints "true".
console.log(array instanceof Array); // Prints "false".
References to objects from a context keep the context alive until the last reference goes away. Because contexts are heavy-weight objects (a context is a complete JS runtime), keeping many contexts around has a notable impact on memory usage:
const vime = require('vime');
console.log(process.memoryUsage().rss >>> 20); // 25 MB on my machine.
const leak = [];
for (let i = 0; i < 100; ++i) leak.push(vime('this'));
console.log(process.memoryUsage().rss >>> 20); // 100 MB on my machine.
Use node-heapdump or the built-in inspector to debug such issues.
Important note: this module is currently not designed for executing untrusted code ("sandboxing.") If that is an important use case for you, please file a bug report.
Report bugs at https://github.com/bnoordhuis/vime/issues. Please check existing issues first. If possible, include a test case demonstrating the bug.
UNIX users, please include the output of node -v and uname -a.
Windows users, please include the output of node -v and winver.
When reporting build errors, include the full terminal output from
npm install vime on down and the output of g++ -v or clang++ -v
(if you are a UNIX user) or the version of Visual Studio or Build Tools
(if you are a Windows user.)
ISC. See the LICENSE file in the top-level directory.
FAQs
A faster VM module.
The npm package vime receives a total of 2 weekly downloads. As such, vime popularity was classified as not popular.
We found that vime demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Rustâs crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.
Security News
/Research
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.
Research
/Security Fundamentals
A pair of typosquatted Go packages posing as Googleâs UUID library quietly turn helper functions into encrypted exfiltration channels to a paste site, putting developer and CI data at risk.