Running the Node tasks in a separate subprocess or sandbox

[egoist]

Thanks for the comment on HN https://news.ycombinator.com/item?id=17196329

[egoist]

In terms of security, I think require-from-string isn't that bad since the code it runs isn't untrusted code, the code is written by you or the one the trust 😅

The extra features that it might bring us by running the code in a sandbox:

• proper sourcemap?
• ?

[tunnckoCore]

I think it's good and enough too.

But probably could be replaced with simply

const vm = require('vm');

vm.runInNewContext(`
  var util = require('util');
  if (Boolean(util)) {
   console.log(123);
  }
  console.log(util.isBoolean(true));
`, {
  require: require,
  console: console
});

[tunnckoCore]

Actually microcule is cool. But pretty pretty big in terms of number of deps. And probably too much for here. But is good, because support tons of "languages".

[Marak]

@olstenlarck -

I'm the main developer on microcule.

I agree it's current configuration in main branch is a bit heavy in terms of dependencies, but this is mostly due to some legacy requirements from it's enterprise usage.

We've discussed the idea on our end before of creating a dependency like microcule-spawn in order to separate our concerns and streamline microcule project itself.

Let me know if you have any questions or ideas about this. It would be relatively easy to create a brand new module to support spawning multiple languages binaries like python or php, but it can get start to get difficult when dealing with many languages ( both dynamic and static ).