https://github.com/dimensiondev/aot-secure-ecmascript
Monorepo of our ahead-of-time implementation of Secure ECMAScript
https://github.com/dimensiondev/aot-secure-ecmascript
Last synced: 10 months ago
JSON representation
Monorepo of our ahead-of-time implementation of Secure ECMAScript
- Host: GitHub
- URL: https://github.com/dimensiondev/aot-secure-ecmascript
- Owner: DimensionDev
- Created: 2022-05-24T13:43:50.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-02-11T04:23:06.000Z (about 2 years ago)
- Last Synced: 2025-03-29T18:36:53.913Z (11 months ago)
- Language: TypeScript
- Size: 834 KB
- Stars: 23
- Watchers: 7
- Forks: 1
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Ahead-of-time Secure EcmaScript
The monorepo contains a set of packages that helps adopt [SES](https://github.com/tc39/proposal-ses) in a pre-compiled
way.
## Security Assumptions
This project has the following security assumptions (based on our usage):
1. Environment is already `lockdown()` by [ses](https://github.com/endojs/endo/tree/master/packages/ses).
2. Dynamic code execution (`eval` and `Function`) is not possible (if it is possible, please use the Compartment
provided by [ses](https://github.com/endojs/endo/tree/master/packages/ses)).
3. Files executed are either precompiled into [VirtualModuleRecord][1] or trusted.
## Roadmap
- ✅ `@masknet/static-module-record-swc`: A [swc][2] plugin to transform ES Module into [VirtualModuleRecord][1].
- ✅ `@masknet/compartment`: An eval-less implementation of [Compartment][1].
- ⌛ `@masknet/web-endowments`: Provide common Web APIs, with `AbortSignal` support to cancel out all side
effects within a compartment, and provide attenuations (e.g. limits accessible databases of `indexedDB`, or limit
accessible domains in `fetch`).
- ✅`@masknet/membrane`: A membrane library.
[1]: https://github.com/tc39/proposal-compartments#sketch
[2]: https://github.com/swc-project/swc