eirikb
eirikb2mo ago

deno_core as JS sandbox

(repost from genreal) Hi. I'm making a service where I let users run JS in a sandbox. I'm currently using the isolated-vm npm package. Would running deno_core be harder, better, faster, stronger? I don't need much and a know a bit of rust. Current implementation has no modules, but built in JS things like setTimeout, and async/await works. I also inject a custom fetch method. And I have a timeout.
3 Replies
Deno AI Helper
Deno AI Helper2mo ago
Using deno_core for creating a JavaScript sandbox can indeed be a suitable choice, especially if you're already familiar with Rust. The deno_core crate abstracts away interactions with the V8 JavaScript engine and provides a JsRuntime struct that encapsulates a V8 engine instance. This allows you to integrate with an event loop and map JavaScript Promises onto Rust's Futures, which is essential for supporting features like setTimeout and async/await. Here are some considerations based on the documentation: 1. Sandboxing: deno_core is designed to run JavaScript in a secure sandbox environment. This aligns with your requirement to run user code in a sandbox. 2. Module Loading: Although your current implementation has no modules, deno_core does support module loading if you decide to include modules in the future. 3. Built-in JS Features: deno_core allows you to use built-in JavaScript features and provides the infrastructure to bind Rust futures to JavaScript promises, which is necessary for setTimeout, async/await, and other asynchronous operations. 4. Custom Methods: You can inject custom methods, such as a custom fetch method, into the runtime. This is done by implementing ops (operations) in Rust that can be called from the JavaScript code running in the sandbox. 5. Timeouts: Implementing a timeout mechanism is possible with deno_core. You would need to manage this within the Rust side of your application, ensuring that long-running scripts can be terminated as needed. 6. Learning Curve: If you're already comfortable with Rust, using deno_core might not be significantly harder than your current solution. However, there will be a learning curve as you adapt your service to use deno_core and its APIs. 7.
Deno AI Helper
Deno AI Helper2mo ago
Performance: The documentation indicates that Deno's goal is to be the fastest JavaScript runtime, and it is built on a technology stack (V8 and Rust) that is capable of delivering high performance. This could potentially make your service "faster" and "stronger" in terms of execution speed and security. 8. Community and Support: Deno has an active community and is continuously being developed, which can be beneficial for long-term maintenance and support of your service. In summary, deno_core could be a good fit for your service, offering a secure and potentially more performant environment for running user-supplied JavaScript code. Since you have some Rust knowledge and your requirements seem to align with deno_core's capabilities, it might be worth exploring this option further. 🦕
eirikb
eirikb2mo ago
An AI bot... I'm not sure how to proceed. I've already tried this on latest ChatGPT 4 with bad results. Oh well here goes. Can you generate the code I need for this setup?