New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
vm2 - npm Package Compare versions
Comparing version 3.6.11 to 3.7.0
@@ -0,1 +1,6 @@ | ||
| v3.7.0 (2019-04-15) | ||
| ------------------- | ||
| [new] Add require.resolve. | ||
| [new] Support multiple root paths. | ||
| v3.6.11 (2019-04-08) | ||
@@ -2,0 +7,0 @@ ------------------- |
@@ -10,4 +10,4 @@ import {EventEmitter} from 'events'; | ||
| /* | ||
| * `host` (default) to require modules in host and proxy them to sandbox. `sandbox` to load, compile and | ||
| * require modules in sandbox. Builtin modules except `events` always required in host and proxied to sandbox | ||
| * `host` (default) to require modules in host and proxy them to sandbox. `sandbox` to load, compile and | ||
| * require modules in sandbox. Builtin modules except `events` always required in host and proxied to sandbox | ||
| */ | ||
@@ -19,6 +19,8 @@ context?: "host" | "sandbox"; | ||
| import?: string[]; | ||
| /** Restricted path where local modules can be required (default: every path). */ | ||
| root?: string; | ||
| /** Restricted path(s) where local modules can be required (default: every path). */ | ||
| root?: string | string[]; | ||
| /** Collection of mock modules (both external or builtin). */ | ||
| mock?: any; | ||
| /* An additional lookup function in case a module wasn't found in one of the traditional node lookup paths. */ | ||
| resolve?: (moduleName: String, parentDirname: String) => String; | ||
| } | ||
@@ -36,5 +38,5 @@ | ||
| export interface VMOptions { | ||
| /** | ||
| /** | ||
| * `javascript` (default) or `coffeescript` or custom compiler function (which receives the code, and it's filepath). | ||
| * The library expects you to have coffee-script pre-installed if the compiler is set to `coffeescript`. | ||
| * The library expects you to have coffee-script pre-installed if the compiler is set to `coffeescript`. | ||
| */ | ||
@@ -45,3 +47,3 @@ compiler?: "javascript" | "coffeescript" | CompilerFunction; | ||
| /** | ||
| * Script timeout in milliseconds. Timeout is only effective on code you run through `run`. | ||
| * Script timeout in milliseconds. Timeout is only effective on code you run through `run`. | ||
| * Timeout is NOT effective on any method returned by VM. | ||
@@ -53,3 +55,3 @@ */ | ||
| /** | ||
| * Options for creating a NodeVM | ||
| * Options for creating a NodeVM | ||
| */ | ||
@@ -64,3 +66,3 @@ export interface NodeVMOptions extends VMOptions { | ||
| /** `commonjs` (default) to wrap script into CommonJS wrapper, `none` to retrieve value returned by the script. */ | ||
| wrapper?: "commonjs" | "none"; | ||
| wrapper?: "commonjs" | "none"; | ||
| /** File extensions that the internal module resolver should accept. */ | ||
@@ -86,21 +88,4 @@ sourceExtensions?: string[] | ||
| require(module: string): any; | ||
| } | ||
| /** | ||
| * VM is a simple sandbox, without `require` feature, to synchronously run an untrusted code. | ||
| * Only JavaScript built-in objects + Buffer are available. Scheduling functions | ||
| * (`setInterval`, `setTimeout` and `setImmediate`) are not available by default. | ||
| */ | ||
| export class VM { | ||
| constructor(options?: VMOptions); | ||
| /** Runs the code */ | ||
| run(js: string): any; | ||
| /** Runs the VMScript object */ | ||
| run(script: VMScript): any; | ||
| /** Freezes the object inside VM making it read-only. Not available for primitive values. */ | ||
| freeze(object: any, name: string): any; | ||
| /** Protects the object inside VM making impossible to set functions as it's properties. Not available for primitive values */ | ||
| protect(object: any, name: string): any; | ||
| /** | ||
| /** | ||
| * Create NodeVM and run code inside it. | ||
@@ -124,3 +109,20 @@ * | ||
| /** | ||
| * You can increase performance by using pre-compiled scripts. | ||
| * VM is a simple sandbox, without `require` feature, to synchronously run an untrusted code. | ||
| * Only JavaScript built-in objects + Buffer are available. Scheduling functions | ||
| * (`setInterval`, `setTimeout` and `setImmediate`) are not available by default. | ||
| */ | ||
| export class VM { | ||
| constructor(options?: VMOptions); | ||
| /** Runs the code */ | ||
| run(js: string): any; | ||
| /** Runs the VMScript object */ | ||
| run(script: VMScript): any; | ||
| /** Freezes the object inside VM making it read-only. Not available for primitive values. */ | ||
| freeze(object: any, name: string): any; | ||
| /** Protects the object inside VM making impossible to set functions as it's properties. Not available for primitive values */ | ||
| protect(object: any, name: string): any; | ||
| } | ||
| /** | ||
| * You can increase performance by using pre-compiled scripts. | ||
| * The pre-compiled VMScript can be run later multiple times. It is important to note that the code is not bound | ||
@@ -127,0 +129,0 @@ * to any VM (context); rather, it is bound before each run, just for that run. |
@@ -254,2 +254,5 @@ /* eslint-disable no-shadow, no-invalid-this */ | ||
| if (!filename && vm.options.require.resolve) { | ||
| filename = _resolveFilename(vm.options.require.resolve(moduleName, currentDirname)); | ||
| } | ||
| if (!filename) throw new VMError(`Cannot find module '${moduleName}'`, 'ENOTFOUND'); | ||
@@ -264,4 +267,6 @@ | ||
| if (vm.options.require.root) { | ||
| const requiredPath = pa.resolve(vm.options.require.root); | ||
| if (dirname.indexOf(requiredPath) !== 0) { | ||
| const rootPaths = Array.isArray(vm.options.require.root) ? vm.options.require.root : [vm.options.require.root]; | ||
| const allowedModule = rootPaths.some(path => dirname.startsWith(pa.resolve(path))); | ||
| if (!allowedModule) { | ||
| throw new VMError(`Module '${moduleName}' is not allowed to be required. The path is outside the border!`, 'EDENIED'); | ||
@@ -268,0 +273,0 @@ } |
@@ -16,3 +16,3 @@ { | ||
| ], | ||
| "version": "3.6.11", | ||
| "version": "3.7.0", | ||
| "main": "index.js", | ||
@@ -19,0 +19,0 @@ "repository": "github:patriksimek/vm2", |
@@ -132,6 +132,7 @@ # vm2 [![NPM Version][npm-image]][npm-url] [![NPM Downloads][downloads-image]][downloads-url] [![Package Quality][quality-image]][quality-url] [![Travis CI][travis-image]][travis-url] [![Known Vulnerabilities][snyk-image]][snyk-url] | ||
| * `require.builtin` - Array of allowed builtin modules, accepts ["*"] for all (default: none). | ||
| * `require.root` - Restricted path where local modules can be required (default: every path). | ||
| * `require.root` - Restricted path(s) where local modules can be required (default: every path). | ||
| * `require.mock` - Collection of mock modules (both external or builtin). | ||
| * `require.context` - `host` (default) to require modules in host and proxy them to sandbox. `sandbox` to load, compile and require modules in sandbox. Builtin modules except `events` always required in host and proxied to sandbox. | ||
| * `require.import` - Array of modules to be loaded into NodeVM on start. | ||
| * `require.resolve` - An additional lookup function in case a module wasn't found in one of the traditional node lookup paths. | ||
| * `nesting` - `true` to enable VMs nesting (default: `false`). | ||
@@ -392,2 +393,2 @@ * `wrapper` - `commonjs` (default) to wrap script into CommonJS wrapper, `none` to retrieve value returned by the script. | ||
| [snyk-image]: https://snyk.io/test/github/patriksimek/vm2/badge.svg | ||
| [snyk-url]: https://snyk.io/test/github/patriksimek/vm2 | ||
| [snyk-url]: https://snyk.io/test/github/patriksimek/vm2 |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by0.94%
73409
- Lines of code
- increased by0.37%
1632
- Number of lines in readme file
- increased by0.51%
393
No dependency changes