{"id":11389,"date":"2014-01-24T14:03:11","date_gmt":"2014-01-24T08:33:11","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=11389"},"modified":"2014-01-24T14:03:11","modified_gmt":"2014-01-24T08:33:11","slug":"sandboxing-in-node-js-using-vm-module","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/sandboxing-in-node-js-using-vm-module\/","title":{"rendered":"Sandboxing In Node.JS Using VM Module"},"content":{"rendered":"<p>Two commonly known ways to execute a script in Node.JS are using eval () function or running it using VM module.<\/p>\n<p>Lets see this through an example:<br \/>\n[js]<br \/>\nvar vm = require(&#8216;vm&#8217;);<\/p>\n<p>this.name = &quot;Sakshi&quot;;<\/p>\n<p>var script = &quot;this.name = &#8216;Tyagi&#8217;&quot;, withVM, withEVAL;<\/p>\n<p>withEVAL = eval(script);<\/p>\n<p>console.log(&quot;withEVAL :&quot; + withEVAL + &quot;, &quot; + &quot;local :&quot;+ this.name);<\/p>\n<p>withVM = vm.runInThisContext(script);<\/p>\n<p>console.log(&quot; withVM :&quot; + withVM + &quot;, &quot;+ &quot;local :&quot;+ this.name);<\/p>\n<p>[\/js]<\/p>\n<p>Here, we have executed a piece of JavaScript code in two ways:-<\/p>\n<p>1. <strong>With eval()<\/strong>  = eval()  function passes a string to the JavaScript compiler and execute it. But at the same time, its not safe way to execute a script because it compromises the security of the application. eval() has access to all local as well as global objects.<br \/>\nIn this case output will be:<br \/>\n<code>withEVAL :Tyagi, local :Tyagi<\/code><\/p>\n<p>2. <strong>With vm module<\/strong> = VM provides an access to V8 virtual machine in which the script can be executed. Running script does not have access to local objects. So in this way <code>vm.runInThisContext<\/code> creates its own environment where only global objects can be used, thereby not effecting or accidentally modifying local objects.<br \/>\n In this case output will be:<br \/>\n<code>withVM :Tyagi, local :Sakshi<\/code><\/p>\n<p>So in this way, VM module can be used to sandbox our application having crucial data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Two commonly known ways to execute a script in Node.JS are using eval () function or running it using VM module. Lets see this through an example: [js] var vm = require(&#8216;vm&#8217;); this.name = &quot;Sakshi&quot;; var script = &quot;this.name = &#8216;Tyagi&#8217;&quot;, withVM, withEVAL; withEVAL = eval(script); console.log(&quot;withEVAL :&quot; + withEVAL + &quot;, &quot; + &quot;local [&hellip;]<\/p>\n","protected":false},"author":65,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":2},"categories":[1],"tags":[1124],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/11389"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=11389"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/11389\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=11389"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=11389"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=11389"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}