{ "source": "doc/api/vm.markdown", "modules": [ { "textRaw": "Executing JavaScript", "name": "vm", "stability": 3, "stabilityText": "Stable", "desc": "

You can access this module with:\n\n

\n
var vm = require('vm');
\n

JavaScript code can be compiled and run immediately or compiled, saved, and run later.\n\n\n

\n", "methods": [ { "textRaw": "vm.runInThisContext(code, [filename])", "type": "method", "name": "runInThisContext", "desc": "

vm.runInThisContext() compiles code, runs it and returns the result. Running\ncode does not have access to local scope. filename is optional, it's used only\nin stack traces.\n\n

\n

Example of using vm.runInThisContext and eval to run the same code:\n\n

\n
var localVar = 123,\n    usingscript, evaled,\n    vm = require('vm');\n\nusingscript = vm.runInThisContext('localVar = 1;',\n  'myfile.vm');\nconsole.log('localVar: ' + localVar + ', usingscript: ' +\n  usingscript);\nevaled = eval('localVar = 1;');\nconsole.log('localVar: ' + localVar + ', evaled: ' +\n  evaled);\n\n// localVar: 123, usingscript: 1\n// localVar: 1, evaled: 1
\n

vm.runInThisContext does not have access to the local scope, so localVar is unchanged.\neval does have access to the local scope, so localVar is changed.\n\n

\n

In case of syntax error in code, vm.runInThisContext emits the syntax error to stderr\nand throws an exception.\n\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "filename", "optional": true } ] } ] }, { "textRaw": "vm.runInNewContext(code, [sandbox], [filename])", "type": "method", "name": "runInNewContext", "desc": "

vm.runInNewContext compiles code, then runs it in sandbox and returns the\nresult. Running code does not have access to local scope. The object sandbox\nwill be used as the global object for code.\nsandbox and filename are optional, filename is only used in stack traces.\n\n

\n

Example: compile and execute code that increments a global variable and sets a new one.\nThese globals are contained in the sandbox.\n\n

\n
var util = require('util'),\n    vm = require('vm'),\n    sandbox = {\n      animal: 'cat',\n      count: 2\n    };\n\nvm.runInNewContext('count += 1; name = "kitty"', sandbox, 'myfile.vm');\nconsole.log(util.inspect(sandbox));\n\n// { animal: 'cat', count: 3, name: 'kitty' }
\n

Note that running untrusted code is a tricky business requiring great care. To prevent accidental\nglobal variable leakage, vm.runInNewContext is quite useful, but safely running untrusted code\nrequires a separate process.\n\n

\n

In case of syntax error in code, vm.runInNewContext emits the syntax error to stderr\nand throws an exception.\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "sandbox", "optional": true }, { "name": "filename", "optional": true } ] } ] }, { "textRaw": "vm.runInContext(code, context, [filename])", "type": "method", "name": "runInContext", "desc": "

vm.runInContext compiles code, then runs it in context and returns the\nresult. A (V8) context comprises a global object, together with a set of\nbuilt-in objects and functions. Running code does not have access to local scope\nand the global object held within context will be used as the global object\nfor code.\nfilename is optional, it's used only in stack traces.\n\n

\n

Example: compile and execute code in a existing context.\n\n

\n
var util = require('util'),\n    vm = require('vm'),\n    initSandbox = {\n      animal: 'cat',\n      count: 2\n    },\n    context = vm.createContext(initSandbox);\n\nvm.runInContext('count += 1; name = "CATT"', context, 'myfile.vm');\nconsole.log(util.inspect(context));\n\n// { animal: 'cat', count: 3, name: 'CATT' }
\n

Note that createContext will perform a shallow clone of the supplied sandbox object in order to\ninitialise the global object of the freshly constructed context.\n\n

\n

Note that running untrusted code is a tricky business requiring great care. To prevent accidental\nglobal variable leakage, vm.runInContext is quite useful, but safely running untrusted code\nrequires a separate process.\n\n

\n

In case of syntax error in code, vm.runInContext emits the syntax error to stderr\nand throws an exception.\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "context" }, { "name": "filename", "optional": true } ] } ] }, { "textRaw": "vm.createContext([initSandbox])", "type": "method", "name": "createContext", "desc": "

vm.createContext creates a new context which is suitable for use as the 2nd argument of a subsequent\ncall to vm.runInContext. A (V8) context comprises a global object together with a set of\nbuild-in objects and functions. The optional argument initSandbox will be shallow-copied\nto seed the initial contents of the global object used by the context.\n\n

\n", "signatures": [ { "params": [ { "name": "initSandbox", "optional": true } ] } ] }, { "textRaw": "vm.createScript(code, [filename])", "type": "method", "name": "createScript", "desc": "

createScript compiles code but does not run it. Instead, it returns a\nvm.Script object representing this compiled code. This script can be run\nlater many times using methods below. The returned script is not bound to any\nglobal object. It is bound before each run, just for that run. filename is\noptional, it's only used in stack traces.\n\n

\n

In case of syntax error in code, createScript prints the syntax error to stderr\nand throws an exception.\n\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "filename", "optional": true } ] } ] } ], "classes": [ { "textRaw": "Class: Script", "type": "class", "name": "Script", "desc": "

A class for running scripts. Returned by vm.createScript.\n\n

\n", "methods": [ { "textRaw": "script.runInThisContext()", "type": "method", "name": "runInThisContext", "desc": "

Similar to vm.runInThisContext but a method of a precompiled Script object.\nscript.runInThisContext runs the code of script and returns the result.\nRunning code does not have access to local scope, but does have access to the global object\n(v8: in actual context).\n\n

\n

Example of using script.runInThisContext to compile code once and run it multiple times:\n\n

\n
var vm = require('vm');\n\nglobalVar = 0;\n\nvar script = vm.createScript('globalVar += 1', 'myfile.vm');\n\nfor (var i = 0; i < 1000 ; i += 1) {\n  script.runInThisContext();\n}\n\nconsole.log(globalVar);\n\n// 1000
\n", "signatures": [ { "params": [] } ] }, { "textRaw": "script.runInNewContext([sandbox])", "type": "method", "name": "runInNewContext", "desc": "

Similar to vm.runInNewContext a method of a precompiled Script object.\nscript.runInNewContext runs the code of script with sandbox as the global object and returns the result.\nRunning code does not have access to local scope. sandbox is optional.\n\n

\n

Example: compile code that increments a global variable and sets one, then execute this code multiple times.\nThese globals are contained in the sandbox.\n\n

\n
var util = require('util'),\n    vm = require('vm'),\n    sandbox = {\n      animal: 'cat',\n      count: 2\n    };\n\nvar script = vm.createScript('count += 1; name = "kitty"', 'myfile.vm');\n\nfor (var i = 0; i < 10 ; i += 1) {\n  script.runInNewContext(sandbox);\n}\n\nconsole.log(util.inspect(sandbox));\n\n// { animal: 'cat', count: 12, name: 'kitty' }
\n

Note that running untrusted code is a tricky business requiring great care. To prevent accidental\nglobal variable leakage, script.runInNewContext is quite useful, but safely running untrusted code\nrequires a separate process.\n

\n", "signatures": [ { "params": [ { "name": "sandbox", "optional": true } ] } ] } ] } ], "type": "module", "displayName": "vm" } ] }