{"id":16332916,"url":"https://github.com/eight04/node_vm2","last_synced_at":"2025-10-06T18:46:10.807Z","repository":{"id":19051242,"uuid":"85890839","full_name":"eight04/node_vm2","owner":"eight04","description":"A Python 3 to Node.js + vm2 binding, helps you execute JavaScript safely.","archived":false,"fork":false,"pushed_at":"2023-10-22T17:29:29.000Z","size":149,"stargazers_count":71,"open_issues_count":7,"forks_count":12,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-05-20T09:05:31.962Z","etag":null,"topics":["nodejs","python","python3","vm2"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eight04.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-03-23T00:49:31.000Z","updated_at":"2025-02-11T13:44:34.000Z","dependencies_parsed_at":"2024-06-18T20:08:36.505Z","dependency_job_id":"7271fd8f-083e-490e-b709-7caa58a05cda","html_url":"https://github.com/eight04/node_vm2","commit_stats":{"total_commits":98,"total_committers":1,"mean_commits":98.0,"dds":0.0,"last_synced_commit":"d4fa4f0fd6d96efa49797849fdfd0fd51ae90d04"},"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/eight04/node_vm2","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eight04%2Fnode_vm2","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eight04%2Fnode_vm2/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eight04%2Fnode_vm2/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eight04%2Fnode_vm2/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eight04","download_url":"https://codeload.github.com/eight04/node_vm2/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eight04%2Fnode_vm2/sbom","scorecard":{"id":369872,"data":{"date":"2025-08-11","repo":{"name":"github.com/eight04/node_vm2","commit":"e04723b1a3254ddbee6c123c4c77c2bf9e874ec5"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.5,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:9: update your workflow using https://app.stepsecurity.io/secureworkflow/eight04/node_vm2/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/eight04/node_vm2/test.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/eight04/node_vm2/test.yml/master?enable=pin","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:17","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:18","Warn: pipCommand not pinned by hash: .github/workflows/test.yml:20","Info:   0 out of   3 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   3 pipCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 4 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"25 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-cchq-frgv-rjh5","Warn: Project is vulnerable to: GHSA-g644-9gfx-q4q4","Warn: Project is vulnerable to: PYSEC-2024-230 / GHSA-248v-346w-9cwc","Warn: Project is vulnerable to: PYSEC-2024-60 / GHSA-jjg7-2v4v-x38h","Warn: Project is vulnerable to: GHSA-cpwx-vrp4-4pq7","Warn: Project is vulnerable to: GHSA-gmj6-6f8f-6699","Warn: Project is vulnerable to: GHSA-h5c8-rqwp-cp95","Warn: Project is vulnerable to: GHSA-h75v-3vvj-5mfj","Warn: Project is vulnerable to: GHSA-q2x7-8rv6-6q7h","Warn: Project is vulnerable to: GHSA-9hjg-9r4m-mvj7","Warn: Project is vulnerable to: GHSA-9wx4-h78v-vm56","Warn: Project is vulnerable to: PYSEC-2025-49 / GHSA-5rjg-fvgr-3xxf","Warn: Project is vulnerable to: GHSA-cx63-2mw6-8hw5","Warn: Project is vulnerable to: GHSA-753j-mpmx-qq6g","Warn: Project is vulnerable to: GHSA-7cx3-6m66-7c5m","Warn: Project is vulnerable to: GHSA-8w49-h785-mj3c","Warn: Project is vulnerable to: GHSA-w235-7p84-xx57","Warn: Project is vulnerable to: GHSA-g7vv-2v7x-gj9p","Warn: Project is vulnerable to: GHSA-34jh-p97f-mpxf","Warn: Project is vulnerable to: GHSA-pq67-6m6q-mj2v","Warn: Project is vulnerable to: GHSA-jfmj-5v4g-7637","Warn: Project is vulnerable to: PYSEC-2023-117 / GHSA-mrwq-x4v8-fh7p","Warn: Project is vulnerable to: PYSEC-2022-43017 / GHSA-qwmp-2cf2-g9g6"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T12:42:42.486Z","repository_id":19051242,"created_at":"2025-08-18T12:42:42.486Z","updated_at":"2025-08-18T12:42:42.486Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278662596,"owners_count":26024383,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-06T02:00:05.630Z","response_time":65,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nodejs","python","python3","vm2"],"created_at":"2024-10-10T23:33:43.561Z","updated_at":"2025-10-06T18:46:10.759Z","avatar_url":"https://github.com/eight04.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"node_vm2\n========\n\n.. image:: https://readthedocs.org/projects/node-vm2/badge/?version=latest\n   :target: http://node-vm2.readthedocs.io/en/latest/?badge=latest\n   :alt: Documentation Status\n   \n.. image:: https://github.com/eight04/node_vm2/actions/workflows/test.yml/badge.svg\n   :target: https://github.com/eight04/node_vm2/actions/workflows/test.yml\n   :alt: test\n\n.. warning::\n   This project is no longer maintained. Please use `deno_vm \u003chttps://github.com/eight04/deno_vm\u003e`__ instead.\n\nA Python 3 to Node.js + vm2 binding, helps you execute JavaScript safely.\n\nvm2\n---\n\n`vm2 \u003chttps://github.com/patriksimek/vm2\u003e`__ is a node module to create **real** sandbox in node. The official node API `vm \u003chttps://nodejs.org/api/vm.html\u003e`__, can only create isolate context and doesn't prevent harmful code to damage your computer.\n\nHow it works\n------------\n\nThe module launchs a Node.js REPL server, which can be communicated with JSON. All JavaScript code are encoded in JSON and sent to the server. After the server executing the code in vm2, the result is sent back to Python.\n\nInstall\n-------\n\nYou need Node.js.\n\nhttps://nodejs.org/\n\nInstall node_vm2 from pypi wheel.\n\n.. code-block::\n\n   pip install node_vm2\n\nAlso make sure you have ``node`` executable in ``PATH``, or you can specify the executable with environment variable ``NODE_EXECUTABLE``.\n\nAdditionally, you will need ``npm`` to build node_vm2 from source.\n\nUsage\n-----\n\nMost of the APIs are bound to `vm2 \u003chttps://github.com/patriksimek/vm2\u003e`__.\n\nSimple eval:\n\n.. code-block:: python\n\n   from node_vm2 import eval\n   \n   print(eval(\"['foo', 'bar'].join()\"))\n   \nUse VM:\n\n.. code-block:: python\n\n   from node_vm2 import VM\n   \n   with VM() as vm:\n      vm.run(\"\"\"\n         var sum = 0, i;\n         for (i = 0; i \u003c 10; i++) sum += i;\n      \"\"\")\n      print(vm.run(\"sum\"))\n      \nUse NodeVM:\n\n.. code-block:: python\n\n   from node_vm2 import NodeVM\n   \n   js = \"\"\"exports.greet = name =\u003e console.log(`Hello ${name}!`);\"\"\"\n   \n   with NodeVM.code(js) as module:\n      module.call_member(\"greet\", \"John\")\n      \nIt is possible to do async task with Promise:\n\n.. code-block:: python\n\n   from datetime import datetime\n   from node_vm2 import NodeVM\n\n   js = \"\"\"\n   exports.test = () =\u003e {\n      return new Promise(resolve =\u003e {\n         setTimeout(() =\u003e {\n            resolve(\"hello\")\n         }, 3000);\n      });\n   };\n   \"\"\"\n   with NodeVM.code(js) as module:\n      print(datetime.now())\n      print(module.call_member(\"test\"))\n      print(datetime.now())\n      \nIf you like to allow the VM to crash your server (e.g. ``process.exit()``), you should create the VM in a separate server so it won't affect other VMs:\n\n.. code-block:: python\n\n   from node_vm2 import VMServer, VM\n\n   with VMServer() as server:\n      with VM(server=server) as vm:\n         # now the vm is created in a new server\n         print(vm.run(\"1 + 2 + 3\"))\n\nAPI reference\n-------------\n\nhttp://node-vm2.readthedocs.io/\n\nChangelog\n---------\n\n- 0.4.6 (Oct 23, 2023)\n\n  - **Change: add deprecation warning.**\n  - Update vm2 to 3.9.19.\n\n- 0.4.5 (Sep 1, 2022)\n\n  - Update vm2 to 3.9.11.\n\n- 0.4.4 (Mar 14, 2022)\n\n  - Update vm2 to 3.9.9.\n\n- 0.4.3 (Feb 15, 2022)\n\n  - Update vm2 to 3.9.7.\n\n- 0.4.2 (Feb 9, 2022)\n\n  - Update vm2 to 3.9.6.\n\n  - Fix: filename is optional.\n\n-  0.4.1 (Oct 20, 2021)\n\n   -  Update vm2 to 3.9.5.\n\n-  0.4.0 (Sep 2, 2021)\n\n   -  Update vm2 to 3.9.3.\n   -  **Change: throw VMError when failed running node.**\n\n-  0.3.7 (Mar 23, 2020)\n\n   -  Update vm2 to 3.9.0.\n\n-  0.3.6 (Apr 22, 2019)\n\n   -  Update vm2 to 3.8.0. Fix security issues.\n\n-  0.3.5 (Feb 10, 2019)\n\n   -  Update vm2 to 3.6.10. Fix security issues.\n\n-  0.3.4 (Aug 10, 2018)\n\n   -  Update vm2 to 3.6.3. Fix security issues.\n\n-  0.3.3 (Jul 23, 2018)\n\n   -  Fix: don't bundle dev dependencies.\n\n-  0.3.2 (Jul 23, 2018)\n\n   -  Fix: getting a freezed object would crash the server.\n   -  Update vm2 to 3.6.2. Fix security issues.\n\n-  0.3.1 (Apr 25, 2017)\n   \n   -  Add ``command`` arg to ``VMServer``.\n   -  Fix: A dead default server is created if process spawning failed.\n\n-  0.3.0 (Apr 23, 2017)\n\n   -  **Change: use event queue to handle console redirects.**\n   -  Reconize object thrown by VM which doesn't inherit built-in Error.\n\n-  0.2.0 (Mar 25, 2017)\n\n   -  **Drop NodeBridge.**\n   -  Add VMServer.\n   -  **Make all VMs share a default VMServer.**\n   -  **Method rename: VM.connect -\u003e VM.create, VM.close -\u003e VM.destroy.**\n\n-  0.1.0 (Mar 23, 2017)\n\n   -  First release\n   \n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feight04%2Fnode_vm2","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feight04%2Fnode_vm2","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feight04%2Fnode_vm2/lists"}