sandbox
sandbox copied to clipboard
gf3
A nifty JavaScript sandbox for Node.js
Looks like the last commit was in 2014. Is this project still maintained or should it be considered EOL? @gf3
Babel
Would it be safe to use babel to transform untrusted code before using the sandbox, or is would that open up opportunity for an attack?
Using functions and constructors, its possible to escape the sandbox to get process, which can be used to get require that can be used for evil things like a reverse...
I'm looking through the docs on async functions. Are there any configurations which would allow for example setTimeout to work? I think this would be an issue for Node <...
[npm-debug.zip](https://github.com/gf3/sandbox/files/1215377/npm-debug.zip) Please advise. Thanks very much
UNLICENSED has a specific meaning: no one but the owner is allowed to use the code. The Unlicense (which you link to) kinda means the opposite. Might want to clarify...
When returning a result object from shovel.js, you're using util.inspect - however, an object passed this way will not be usable on the other side (after JSON.parse, it will be...
if you think about accepting this PR, make sure you have tavis ci activated on the repo. it helped me track down that the actual required node version is 0.9.1+
