Secure Node.js VM for Chatbotaurus - Execute user code in isolated sandbox environments
npm install @chatbotaurus/nodevm@chatbotaurus/nodevm provides a secure virtual machine environment for executing untrusted JavaScript code in Node.js. It creates an isolated sandbox that prevents malicious code from accessing the host system while allowing controlled access to specific modules and resources.
bash
npm install @chatbotaurus/nodevm
`
or with pnpm:
`bash
pnpm add @chatbotaurus/nodevm
`
Basic Usage
`typescript
import { NodeVM } from '@chatbotaurus/nodevm';
// Create a new VM instance
const vm = new NodeVM({
console: 'inherit',
sandbox: {},
require: {
external: true,
builtin: ['fs', 'path'],
root: './'
}
});
// Execute code in the sandbox
const result = vm.run(
);
console.log(result); // Output: Hello from the sandbox!
`
Configuration Options
$3
- console: Control console output behavior
- 'inherit' - Pass through to host console
- 'redirect' - Capture console output
- 'off' - Disable console
- sandbox: Object containing variables accessible in the sandbox
`typescript
const vm = new NodeVM({
sandbox: {
customVar: 'Available in sandbox'
}
});
`
- require: Configure module loading
- external: Allow external npm packages (boolean or string array)
- builtin: Whitelist of built-in Node.js modules
- root: Root directory for module resolution
- mock: Mock specific modules
- wrapper: Code wrapping strategy
- 'commonjs' - Wrap in CommonJS module format (default)
- 'none' - No wrapping
- sourceExtensions: File extensions to process (default: ['js'])
Advanced Examples
$3
`typescript
const vm = new NodeVM({
require: {
external: false, // Disable external packages
builtin: ['path'], // Only allow 'path' module
root: './'
}
});
`
$3
`typescript
const vm = new NodeVM();
const result = vm.runFile('./user-script.js');
`
$3
`typescript
const vm = new NodeVM({
sandbox: {
apiKey: process.env.API_KEY,
fetch: customFetchImplementation
}
});
``