{"id":13412728,"url":"https://github.com/dop251/goja","last_synced_at":"2025-09-09T21:16:09.495Z","repository":{"id":37335954,"uuid":"72888736","full_name":"dop251/goja","owner":"dop251","description":"ECMAScript/JavaScript engine in pure Go","archived":false,"fork":false,"pushed_at":"2025-06-24T19:09:32.000Z","size":1498,"stargazers_count":6236,"open_issues_count":25,"forks_count":406,"subscribers_count":90,"default_branch":"master","last_synced_at":"2025-06-24T20:25:17.613Z","etag":null,"topics":["golang","javascript"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dop251.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-11-04T22:04:06.000Z","updated_at":"2025-06-24T19:09:36.000Z","dependencies_parsed_at":"2024-06-11T00:43:48.949Z","dependency_job_id":"44783b1d-1134-40aa-9ec4-c048505f844b","html_url":"https://github.com/dop251/goja","commit_stats":{"total_commits":412,"total_committers":31,"mean_commits":"13.290322580645162","dds":"0.17961165048543692","last_synced_commit":"ccbae20bcec2479301d0c65d4ff66f1f5d6becf4"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/dop251/goja","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dop251%2Fgoja","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dop251%2Fgoja/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dop251%2Fgoja/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dop251%2Fgoja/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dop251","download_url":"https://codeload.github.com/dop251/goja/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dop251%2Fgoja/sbom","scorecard":{"id":352449,"data":{"date":"2025-08-11","repo":{"name":"github.com/dop251/goja","commit":"58d95d85e9949a7bad069058977368acf30c72dd"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.3,"checks":[{"name":"Code-Review","score":3,"reason":"Found 9/25 approved changesets -- score normalized to 3","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":6,"reason":"4 commit(s) and 4 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/dop251/goja/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/dop251/goja/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/dop251/goja/main.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 16 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T08:40:49.381Z","repository_id":37335954,"created_at":"2025-08-18T08:40:49.381Z","updated_at":"2025-08-18T08:40:49.381Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274365927,"owners_count":25272293,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-09T02:00:10.223Z","response_time":80,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","javascript"],"created_at":"2024-07-30T20:01:28.423Z","updated_at":"2025-09-09T21:16:09.454Z","avatar_url":"https://github.com/dop251.png","language":"Go","readme":"goja\n====\n\nECMAScript 5.1(+) implementation in Go.\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/dop251/goja.svg)](https://pkg.go.dev/github.com/dop251/goja)\n\nGoja is an implementation of ECMAScript 5.1 in pure Go with emphasis on standard compliance and\nperformance.\n\nThis project was largely inspired by [otto](https://github.com/robertkrimen/otto).\n\nThe minimum required Go version is 1.20.\n\nFeatures\n--------\n\n * Full ECMAScript 5.1 support (including regex and strict mode).\n * Passes nearly all [tc39 tests](https://github.com/tc39/test262) for the features implemented so far. The goal is to\n   pass all of them. See .tc39_test262_checkout.sh for the latest working commit id.\n * Capable of running Babel, Typescript compiler and pretty much anything written in ES5.\n * Sourcemaps.\n * Most of ES6 functionality, still work in progress, see https://github.com/dop251/goja/milestone/1?closed=1\n\nKnown incompatibilities and caveats\n-----------------------------------\n\n### WeakMap\nWeakMap is implemented by embedding references to the values into the keys. This means that as long\nas the key is reachable all values associated with it in any weak maps also remain reachable and therefore\ncannot be garbage collected even if they are not otherwise referenced, even after the WeakMap is gone.\nThe reference to the value is dropped either when the key is explicitly removed from the WeakMap or when the\nkey becomes unreachable.\n\nTo illustrate this:\n\n```javascript\nvar m = new WeakMap();\nvar key = {};\nvar value = {/* a very large object */};\nm.set(key, value);\nvalue = undefined;\nm = undefined; // The value does NOT become garbage-collectable at this point\nkey = undefined; // Now it does\n// m.delete(key); // This would work too\n```\n\nThe reason for it is the limitation of the Go runtime. At the time of writing (version 1.15) having a finalizer\nset on an object which is part of a reference cycle makes the whole cycle non-garbage-collectable. The solution\nabove is the only reasonable way I can think of without involving finalizers. This is the third attempt\n(see https://github.com/dop251/goja/issues/250 and https://github.com/dop251/goja/issues/199 for more details).\n\nNote, this does not have any effect on the application logic, but may cause a higher-than-expected memory usage.\n\n### WeakRef and FinalizationRegistry\nFor the reason mentioned above implementing WeakRef and FinalizationRegistry does not seem to be possible at this stage.\n\n### JSON\n`JSON.parse()` uses the standard Go library which operates in UTF-8. Therefore, it cannot correctly parse broken UTF-16\nsurrogate pairs, for example:\n\n```javascript\nJSON.parse(`\"\\\\uD800\"`).charCodeAt(0).toString(16) // returns \"fffd\" instead of \"d800\"\n```\n\n### Date\nConversion from calendar date to epoch timestamp uses the standard Go library which uses `int`, rather than `float` as per\nECMAScript specification. This means if you pass arguments that overflow int to the `Date()` constructor or  if there is\nan integer overflow, the result will be incorrect, for example:\n\n```javascript\nDate.UTC(1970, 0, 1, 80063993375, 29, 1, -288230376151711740) // returns 29256 instead of 29312\n```\n\nFAQ\n---\n\n### How fast is it?\n\nAlthough it's faster than many scripting language implementations in Go I have seen\n(for example it's 6-7 times faster than otto on average) it is not a\nreplacement for V8 or SpiderMonkey or any other general-purpose JavaScript engine.\nYou can find some benchmarks [here](https://github.com/dop251/goja/issues/2).\n\n### Why would I want to use it over a V8 wrapper?\n\nIt greatly depends on your usage scenario. If most of the work is done in javascript\n(for example crypto or any other heavy calculations) you are definitely better off with V8.\n\nIf you need a scripting language that drives an engine written in Go so that\nyou need to make frequent calls between Go and javascript passing complex data structures\nthen the cgo overhead may outweigh the benefits of having a faster javascript engine.\n\nBecause it's written in pure Go there are no cgo dependencies, it's very easy to build and it\nshould run on any platform supported by Go.\n\nIt gives you a much better control over execution environment so can be useful for research.\n\n### Is it goroutine-safe?\n\nNo. An instance of goja.Runtime can only be used by a single goroutine\nat a time. You can create as many instances of Runtime as you like but\nit's not possible to pass object values between runtimes.\n\n### Where is setTimeout()/setInterval()?\n\nsetTimeout() and setInterval() are common functions to provide concurrent execution in ECMAScript environments, but the two functions are not part of the ECMAScript standard.\nBrowsers and NodeJS just happen to provide similar, but not identical, functions. The hosting application need to control the environment for concurrent execution, e.g. an event loop, and supply the functionality to script code.\n\nThere is a [separate project](https://github.com/dop251/goja_nodejs) aimed at providing some NodeJS functionality,\nand it includes an event loop.\n\n### Can you implement (feature X from ES6 or higher)?\n\nI will be adding features in their dependency order and as quickly as time permits. Please do not ask\nfor ETAs. Features that are open in the [milestone](https://github.com/dop251/goja/milestone/1) are either in progress\nor will be worked on next.\n\nThe ongoing work is done in separate feature branches which are merged into master when appropriate.\nEvery commit in these branches represents a relatively stable state (i.e. it compiles and passes all enabled tc39 tests),\nhowever because the version of tc39 tests I use is quite old, it may be not as well tested as the ES5.1 functionality. Because there are (usually) no major breaking changes between ECMAScript revisions\nit should not break your existing code. You are encouraged to give it a try and report any bugs found. Please do not submit fixes though without discussing it first, as the code could be changed in the meantime.\n\n### How do I contribute?\n\nBefore submitting a pull request please make sure that:\n\n- You followed ECMA standard as close as possible. If adding a new feature make sure you've read the specification,\ndo not just base it on a couple of examples that work fine.\n- Your change does not have a significant negative impact on performance (unless it's a bugfix and it's unavoidable)\n- It passes all relevant tc39 tests.\n\nCurrent Status\n--------------\n\n * There should be no breaking changes in the API, however it may be extended.\n * Some of the AnnexB functionality is missing.\n\nBasic Example\n-------------\n\nRun JavaScript and get the result value.\n\n```go\nvm := goja.New()\nv, err := vm.RunString(\"2 + 2\")\nif err != nil {\n    panic(err)\n}\nif num := v.Export().(int64); num != 4 {\n    panic(num)\n}\n```\n\nPassing Values to JS\n--------------------\nAny Go value can be passed to JS using Runtime.ToValue() method. See the method's [documentation](https://pkg.go.dev/github.com/dop251/goja#Runtime.ToValue) for more details.\n\nExporting Values from JS\n------------------------\nA JS value can be exported into its default Go representation using Value.Export() method.\n\nAlternatively it can be exported into a specific Go variable using [Runtime.ExportTo()](https://pkg.go.dev/github.com/dop251/goja#Runtime.ExportTo) method.\n\nWithin a single export operation the same Object will be represented by the same Go value (either the same map, slice or\na pointer to the same struct). This includes circular objects and makes it possible to export them.\n\nCalling JS functions from Go\n----------------------------\nThere are 2 approaches:\n\n- Using [AssertFunction()](https://pkg.go.dev/github.com/dop251/goja#AssertFunction):\n```go\nconst SCRIPT = `\nfunction sum(a, b) {\n    return +a + b;\n}\n`\n\nvm := goja.New()\n_, err := vm.RunString(SCRIPT)\nif err != nil {\n    panic(err)\n}\nsum, ok := goja.AssertFunction(vm.Get(\"sum\"))\nif !ok {\n    panic(\"Not a function\")\n}\n\nres, err := sum(goja.Undefined(), vm.ToValue(40), vm.ToValue(2))\nif err != nil {\n    panic(err)\n}\nfmt.Println(res)\n// Output: 42\n```\n- Using [Runtime.ExportTo()](https://pkg.go.dev/github.com/dop251/goja#Runtime.ExportTo):\n```go\nconst SCRIPT = `\nfunction sum(a, b) {\n    return +a + b;\n}\n`\n\nvm := goja.New()\n_, err := vm.RunString(SCRIPT)\nif err != nil {\n    panic(err)\n}\n\nvar sum func(int, int) int\nerr = vm.ExportTo(vm.Get(\"sum\"), \u0026sum)\nif err != nil {\n    panic(err)\n}\n\nfmt.Println(sum(40, 2)) // note, _this_ value in the function will be undefined.\n// Output: 42\n```\n\nThe first one is more low level and allows specifying _this_ value, whereas the second one makes the function look like\na normal Go function.\n\nMapping struct field and method names\n-------------------------------------\nBy default, the names are passed through as is which means they are capitalised. This does not match\nthe standard JavaScript naming convention, so if you need to make your JS code look more natural or if you are\ndealing with a 3rd party library, you can use a [FieldNameMapper](https://pkg.go.dev/github.com/dop251/goja#FieldNameMapper):\n\n```go\nvm := goja.New()\nvm.SetFieldNameMapper(TagFieldNameMapper(\"json\", true))\ntype S struct {\n    Field int `json:\"field\"`\n}\nvm.Set(\"s\", S{Field: 42})\nres, _ := vm.RunString(`s.field`) // without the mapper it would have been s.Field\nfmt.Println(res.Export())\n// Output: 42\n```\n\nThere are two standard mappers: [TagFieldNameMapper](https://pkg.go.dev/github.com/dop251/goja#TagFieldNameMapper) and\n[UncapFieldNameMapper](https://pkg.go.dev/github.com/dop251/goja#UncapFieldNameMapper), or you can use your own implementation.\n\nNative Constructors\n-------------------\n\nIn order to implement a constructor function in Go use `func (goja.ConstructorCall) *goja.Object`.\nSee [Runtime.ToValue()](https://pkg.go.dev/github.com/dop251/goja#Runtime.ToValue) documentation for more details.\n\nRegular Expressions\n-------------------\n\nGoja uses the embedded Go regexp library where possible, otherwise it falls back to [regexp2](https://github.com/dlclark/regexp2).\n\nExceptions\n----------\n\nAny exception thrown in JavaScript is returned as an error of type *Exception. It is possible to extract the value thrown\nby using the Value() method:\n\n```go\nvm := goja.New()\n_, err := vm.RunString(`\n\nthrow(\"Test\");\n\n`)\n\nif jserr, ok := err.(*Exception); ok {\n    if jserr.Value().Export() != \"Test\" {\n        panic(\"wrong value\")\n    }\n} else {\n    panic(\"wrong type\")\n}\n```\n\nIf a native Go function panics with a Value, it is thrown as a Javascript exception (and therefore can be caught):\n\n```go\nvar vm *Runtime\n\nfunc Test() {\n    panic(vm.ToValue(\"Error\"))\n}\n\nvm = goja.New()\nvm.Set(\"Test\", Test)\n_, err := vm.RunString(`\n\ntry {\n    Test();\n} catch(e) {\n    if (e !== \"Error\") {\n        throw e;\n    }\n}\n\n`)\n\nif err != nil {\n    panic(err)\n}\n```\n\nInterrupting\n------------\n\n```go\nfunc TestInterrupt(t *testing.T) {\n    const SCRIPT = `\n    var i = 0;\n    for (;;) {\n        i++;\n    }\n    `\n\n    vm := goja.New()\n    time.AfterFunc(200 * time.Millisecond, func() {\n        vm.Interrupt(\"halt\")\n    })\n\n    _, err := vm.RunString(SCRIPT)\n    if err == nil {\n        t.Fatal(\"Err is nil\")\n    }\n    // err is of type *InterruptError and its Value() method returns whatever has been passed to vm.Interrupt()\n}\n```\n\nNodeJS Compatibility\n--------------------\n\nThere is a [separate project](https://github.com/dop251/goja_nodejs) aimed at providing some of the NodeJS functionality.\n","funding_links":[],"categories":["开源类库","Embeddable Scripting Languages","Go","Open source library","可嵌入的脚本语言","脚本语言与嵌入式编程","脚本语言与嵌入式编程`在你的go代码中嵌入其他脚本语言`","Engines","Relational Databases"],"sub_categories":["解释器","Search and Analytic Databases","Interpreter","检索及分析资料库","Advanced Console UIs","SQL 查询语句构建库"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdop251%2Fgoja","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdop251%2Fgoja","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdop251%2Fgoja/lists"}