capricorn86 / happy-dom

A JavaScript implementation of a web browser without its graphical user interface
MIT License
3.13k stars, 188 forks

vm security #523

Open loynoir opened 2 years ago

loynoir commented 2 years ago

https://github.com/patriksimek/vm2#what-is-the-difference-between-nodes-vm-and-vm2

https://nodejs.org/api/vm.html#vm-executing-javascript

The node:vm module is not a security mechanism. Do not use it to run untrusted code.

capricorn86 commented 2 years ago

Hi @loynoir! :slightly_smiling_face:

It's a good suggestion. However, I am a bit worried about how it would affect performance to wrap the native "vm" package with this logic. We would probably need to do some performance tests before implementing it.

jimkoen commented 1 year ago

Would love to see this as well. happy-dom is not that great for scraping tasks if I need to completely trust the code I'm fetching in order to execute it. Is there anything we could do to help you integrate this?