{ "source": "doc/api/vm.markdown", "modules": [ { "textRaw": "Executing JavaScript", "name": "vm", "stability": 2, "stabilityText": "Stable", "desc": "

You can access this module with:\n\n

\n
var vm = require('vm');
\n

JavaScript code can be compiled and run immediately or compiled, saved, and run\nlater.\n\n

\n", "methods": [ { "textRaw": "vm.runInThisContext(code[, options])", "type": "method", "name": "runInThisContext", "desc": "

vm.runInThisContext() compiles code, runs it and returns the result. Running\ncode does not have access to local scope, but does have access to the current\nglobal object.\n\n

\n

Example of using vm.runInThisContext and eval to run the same code:\n\n

\n
var vm = require('vm');\nvar localVar = 'initial value';\n\nvar vmResult = vm.runInThisContext('localVar = "vm";');\nconsole.log('vmResult: ', vmResult);\nconsole.log('localVar: ', localVar);\n\nvar evalResult = eval('localVar = "eval";');\nconsole.log('evalResult: ', evalResult);\nconsole.log('localVar: ', localVar);\n\n// vmResult: 'vm', localVar: 'initial value'\n// evalResult: 'eval', localVar: 'eval'
\n

vm.runInThisContext does not have access to the local scope, so localVar is\nunchanged. eval does have access to the local scope, so localVar is changed.\n\n

\n

In this way vm.runInThisContext is much like an [indirect eval call][1],\ne.g. (0,eval)('code'). However, it also has the following additional options:\n\n

\n\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "options", "optional": true } ] } ] }, { "textRaw": "vm.createContext([sandbox])", "type": "method", "name": "createContext", "desc": "

If given a sandbox object, will "contextify" that sandbox so that it can be\nused in calls to vm.runInContext or script.runInContext. Inside scripts run\nas such, sandbox will be the global object, retaining all its existing\nproperties but also having the built-in objects and functions any standard\n[global object][2] has. Outside of scripts run by the vm module, sandbox will\nbe unchanged.\n\n

\n

If not given a sandbox object, returns a new, empty contextified sandbox object\nyou can use.\n\n

\n

This function is useful for creating a sandbox that can be used to run multiple\nscripts, e.g. if you were emulating a web browser it could be used to create a\nsingle sandbox representing a window's global object, then run all <script>\ntags together inside that sandbox.\n\n

\n", "signatures": [ { "params": [ { "name": "sandbox", "optional": true } ] } ] }, { "textRaw": "vm.isContext(sandbox)", "type": "method", "name": "isContext", "desc": "

Returns whether or not a sandbox object has been contextified by calling\nvm.createContext on it.\n\n\n

\n", "signatures": [ { "params": [ { "name": "sandbox" } ] } ] }, { "textRaw": "vm.runInContext(code, contextifiedSandbox[, options])", "type": "method", "name": "runInContext", "desc": "

vm.runInContext compiles code, then runs it in contextifiedSandbox and\nreturns the result. Running code does not have access to local scope. The\ncontextifiedSandbox object must have been previously contextified via\nvm.createContext; it will be used as the global object for code.\n\n

\n

vm.runInContext takes the same options as vm.runInThisContext.\n\n

\n

Example: compile and execute different scripts in a single existing context.\n\n

\n
var util = require('util');\nvar vm = require('vm');\n\nvar sandbox = { globalVar: 1 };\nvm.createContext(sandbox);\n\nfor (var i = 0; i < 10; ++i) {\n    vm.runInContext('globalVar *= 2;', sandbox);\n}\nconsole.log(util.inspect(sandbox));\n\n// { globalVar: 1024 }
\n

Note that running untrusted code is a tricky business requiring great care.\nvm.runInContext is quite useful, but safely running untrusted code requires a\nseparate process.\n\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "contextifiedSandbox" }, { "name": "options", "optional": true } ] } ] }, { "textRaw": "vm.runInNewContext(code[, sandbox][, options])", "type": "method", "name": "runInNewContext", "desc": "

vm.runInNewContext compiles code, contextifies sandbox if passed or\ncreates a new contextified sandbox if it's omitted, and then runs the code with\nthe sandbox as the global object and returns the result.\n\n

\n

vm.runInNewContext takes the same options as vm.runInThisContext.\n\n

\n

Example: compile and execute code that increments a global variable and sets a\nnew one. These globals are contained in the sandbox.\n\n

\n
var util = require('util');\nvar vm = require('vm');\n\nvar sandbox = {\n  animal: 'cat',\n  count: 2\n};\n\nvm.runInNewContext('count += 1; name = "kitty"', sandbox);\nconsole.log(util.inspect(sandbox));\n\n// { animal: 'cat', count: 3, name: 'kitty' }
\n

Note that running untrusted code is a tricky business requiring great care.\nvm.runInNewContext is quite useful, but safely running untrusted code requires\na separate process.\n\n\n

\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "sandbox", "optional": true }, { "name": "options", "optional": true } ] } ] }, { "textRaw": "vm.runInDebugContext(code)", "type": "method", "name": "runInDebugContext", "desc": "

vm.runInDebugContext compiles and executes code inside the V8 debug context.\nThe primary use case is to get access to the V8 debug object:\n\n

\n
var Debug = vm.runInDebugContext('Debug');\nDebug.scripts().forEach(function(script) { console.log(script.name); });
\n

Note that the debug context and object are intrinsically tied to V8's debugger\nimplementation and may change (or even get removed) without prior warning.\n\n

\n

The debug object can also be exposed with the --expose_debug_as= switch.\n\n\n

\n", "signatures": [ { "params": [ { "name": "code" } ] } ] } ], "classes": [ { "textRaw": "Class: Script", "type": "class", "name": "Script", "desc": "

A class for holding precompiled scripts, and running them in specific sandboxes.\n\n\n

\n", "methods": [ { "textRaw": "new vm.Script(code, options)", "type": "method", "name": "Script", "desc": "

Creating a new Script compiles code but does not run it. Instead, the\ncreated vm.Script object represents this compiled code. This script can be run\nlater many times using methods below. The returned script is not bound to any\nglobal object. It is bound before each run, just for that run.\n\n

\n

The options when creating a script are:\n\n

\n\n", "signatures": [ { "params": [ { "name": "code" }, { "name": "options" } ] } ] }, { "textRaw": "script.runInThisContext([options])", "type": "method", "name": "runInThisContext", "desc": "

Similar to vm.runInThisContext but a method of a precompiled Script object.\nscript.runInThisContext runs script's compiled code and returns the result.\nRunning code does not have access to local scope, but does have access to the\ncurrent global object.\n\n

\n

Example of using script.runInThisContext to compile code once and run it\nmultiple times:\n\n

\n
var vm = require('vm');\n\nglobal.globalVar = 0;\n\nvar script = new vm.Script('globalVar += 1', { filename: 'myfile.vm' });\n\nfor (var i = 0; i < 1000; ++i) {\n  script.runInThisContext();\n}\n\nconsole.log(globalVar);\n\n// 1000
\n

The options for running a script are:\n\n

\n\n", "signatures": [ { "params": [ { "name": "options", "optional": true } ] } ] }, { "textRaw": "script.runInContext(contextifiedSandbox[, options])", "type": "method", "name": "runInContext", "desc": "

Similar to vm.runInContext but a method of a precompiled Script object.\nscript.runInContext runs script's compiled code in contextifiedSandbox\nand returns the result. Running code does not have access to local scope.\n\n

\n

script.runInContext takes the same options as script.runInThisContext.\n\n

\n

Example: compile code that increments a global variable and sets one, then\nexecute the code multiple times. These globals are contained in the sandbox.\n\n

\n
var util = require('util');\nvar vm = require('vm');\n\nvar sandbox = {\n  animal: 'cat',\n  count: 2\n};\n\nvar context = new vm.createContext(sandbox);\nvar script = new vm.Script('count += 1; name = "kitty"');\n\nfor (var i = 0; i < 10; ++i) {\n  script.runInContext(context);\n}\n\nconsole.log(util.inspect(sandbox));\n\n// { animal: 'cat', count: 12, name: 'kitty' }
\n

Note that running untrusted code is a tricky business requiring great care.\nscript.runInContext is quite useful, but safely running untrusted code\nrequires a separate process.\n\n\n

\n", "signatures": [ { "params": [ { "name": "contextifiedSandbox" }, { "name": "options", "optional": true } ] } ] }, { "textRaw": "script.runInNewContext([sandbox][, options])", "type": "method", "name": "runInNewContext", "desc": "

Similar to vm.runInNewContext but a method of a precompiled Script object.\nscript.runInNewContext contextifies sandbox if passed or creates a new\ncontextified sandbox if it's omitted, and then runs script's compiled code\nwith the sandbox as the global object and returns the result. Running code does\nnot have access to local scope.\n\n

\n

script.runInNewContext takes the same options as script.runInThisContext.\n\n

\n

Example: compile code that sets a global variable, then execute the code\nmultiple times in different contexts. These globals are set on and contained in\nthe sandboxes.\n\n

\n
var util = require('util');\nvar vm = require('vm');\n\nvar sandboxes = [{}, {}, {}];\n\nvar script = new vm.Script('globalVar = "set"');\n\nsandboxes.forEach(function (sandbox) {\n  script.runInNewContext(sandbox);\n});\n\nconsole.log(util.inspect(sandboxes));\n\n// [{ globalVar: 'set' }, { globalVar: 'set' }, { globalVar: 'set' }]
\n

Note that running untrusted code is a tricky business requiring great care.\nscript.runInNewContext is quite useful, but safely running untrusted code\nrequires a separate process.\n

\n", "signatures": [ { "params": [ { "name": "sandbox", "optional": true }, { "name": "options", "optional": true } ] } ] } ] } ], "type": "module", "displayName": "vm" } ] }