/quickjs

A typescript package to execute javascript code in a webassembly quickjs sandbox

Primary LanguageTypeScriptMIT LicenseMIT

QuickJS - Execute JavaScript in a WebAssembly QuickJS Sandbox

This TypeScript package allows you to safely execute JavaScript code within a WebAssembly sandbox using the QuickJS engine. Perfect for isolating and running untrusted code securely, it leverages the lightweight and fast QuickJS engine compiled to WebAssembly, providing a robust environment for code execution.

Features

  • Security: Run untrusted JavaScript code in a safe, isolated environment.
  • File System: Can mount a virtual file system
  • Custom Node Modules: Custom node modules are mountable
  • Fetch Client: Can provide a fetch client to make http(s) calls
  • Test-Runner: Includes a test runner and chai based expect
  • Performance: Benefit from the lightweight and efficient QuickJS engine.
  • Versatility: Easily integrate with existing TypeScript projects.
  • Simplicity: User-friendly API for executing and managing JavaScript code in the sandbox.

View the full documentation

Find examples in the repository

Basic Usage

Here's a simple example of how to use the package:

import { quickJS } from '@sebastianwessel/quickjs'

// General setup like loading and init of the QuickJS wasm
// It is a ressource intensive job and should be done only once if possible 
const { createRuntime } = await quickJS()

// Create a runtime instance each time a js code should be executed
const { evalCode } = await createRuntime({
  allowFetch: true, // inject fetch and allow the code to fetch data
  allowFs: true, // mount a virtual file system and provide node:fs module
  env: {
    MY_ENV_VAR: 'env var value'
  },
})


const result = await evalCode(`
import { join } as path from 'path'

const fn = async ()=>{
  console.log(join('src','dist')) // logs "src/dist" on host system

  console.log(env.MY_ENV_VAR) // logs "env var value" on host system

  const url = new URL('https://example.com')

  const f = await fetch(url)

  return f.text()
}
  
export default await fn()
`)

console.log(result) // { ok: true, data: '<!doctype html>\n<html>\n[....]</html>\n' }

Credits

This lib is based on:

Tools used:

License

This project is licensed under the MIT License.

This package is ideal for developers looking to execute JavaScript code securely within a TypeScript application, ensuring both performance and safety with the QuickJS WebAssembly sandbox.