deno_core as JS sandbox
(repost from genreal)
Hi. I'm making a service where I let users run JS in a sandbox. I'm currently using the isolated-vm npm package.
Would running
deno_core
be harder, better, faster, stronger?
I don't need much and a know a bit of rust. Current implementation has no modules, but built in JS things like setTimeout, and async/await works.
I also inject a custom fetch method. And I have a timeout.3 Replies
Using
deno_core
for creating a JavaScript sandbox can indeed be a suitable choice, especially if you're already familiar with Rust. The deno_core
crate abstracts away interactions with the V8 JavaScript engine and provides a JsRuntime
struct that encapsulates a V8 engine instance. This allows you to integrate with an event loop and map JavaScript Promises onto Rust's Futures, which is essential for supporting features like setTimeout
and async/await
.
Here are some considerations based on the documentation:
1. Sandboxing: deno_core
is designed to run JavaScript in a secure sandbox environment. This aligns with your requirement to run user code in a sandbox.
2. Module Loading: Although your current implementation has no modules, deno_core
does support module loading if you decide to include modules in the future.
3. Built-in JS Features: deno_core
allows you to use built-in JavaScript features and provides the infrastructure to bind Rust futures to JavaScript promises, which is necessary for setTimeout
, async/await
, and other asynchronous operations.
4. Custom Methods: You can inject custom methods, such as a custom fetch
method, into the runtime. This is done by implementing ops (operations) in Rust that can be called from the JavaScript code running in the sandbox.
5. Timeouts: Implementing a timeout mechanism is possible with deno_core
. You would need to manage this within the Rust side of your application, ensuring that long-running scripts can be terminated as needed.
6. Learning Curve: If you're already comfortable with Rust, using deno_core
might not be significantly harder than your current solution. However, there will be a learning curve as you adapt your service to use deno_core
and its APIs.
7.Performance: The documentation indicates that Deno's goal is to be the fastest JavaScript runtime, and it is built on a technology stack (V8 and Rust) that is capable of delivering high performance. This could potentially make your service "faster" and "stronger" in terms of execution speed and security.
8. Community and Support: Deno has an active community and is continuously being developed, which can be beneficial for long-term maintenance and support of your service.
In summary,
deno_core
could be a good fit for your service, offering a secure and potentially more performant environment for running user-supplied JavaScript code. Since you have some Rust knowledge and your requirements seem to align with deno_core
's capabilities, it might be worth exploring this option further. 🦕An AI bot... I'm not sure how to proceed. I've already tried this on latest ChatGPT 4 with bad results. Oh well here goes. Can you generate the code I need for this setup?