js tooling to help prevent attacks from evil dependencies.
webpack plugin for creating bundles protected by the LavaMoat kernel.
#!/usr/bin/env node
const { promisify } = require('util')
const sass = require('sass')
const { promises: fs } = require('fs')
const vm = require('vm')
// example()
// async function example(){
// const vmContext = vm.createContext()
syncing geth on digital ocean
- name: eth2-mainnet-00
- sync time: (failed to sync, bound by disk perf)
- region: fra1
- type: s-8vcpu-16gb
- primaryDb: attached volume
- ancientDb: attached volume
- price vps: $0.119/hr
- price volume: $0.052/hr 350gb
https://www.redfin.com/OR/Portland/6109-SW-Thomas-St-97221/home/173018992?utm_source=android_share&utm_medium=share&utm_nooverride=1&utm_content=link
https://www.redfin.com/OR/Portland/3246-SW-Cascade-Ter-97205/home/26369492?utm_source=android_share&utm_medium=share&utm_nooverride=1&utm_content=link
hi guybedford/
i really enjoyed your blog post https://guybedford.com/secure-modular-runtimes.html
here's some quick notes comparing your proposal and lavamoat in its current form (https://github.com/lavamoat/lavamoat)
these differences represent lavamoat currently, and can easily be changed with input from smart folks like yourself
### basic runtime structure
[exactly] "this runtime can fully restrict high-level capability access from packages for third-party code running in the same process"
[exactly] "That this runtime can support an onramp from the existing JavaScript ecosystems, which is crucial for adoption. "
const { builtinModules: builtinPackages } = require('module')
// [email protected]
const { createModuleInspector } = require('lavamoat-core')
const inspector = createModuleInspector({
// used to see if this imports builtins
isBuiltin: (name) => builtinPackages.includes(name),
// adds some notes on ses compat, etc
includeDebugInfo: true,
})
const { makeStringTransform } = require('browserify-transform-tools')
module.exports = makeStringTransform('lavamoat-browserify-workarounds', { excludeExtension: ['.json'] }, (content, _, cb) => {
const result = content
// fix html comments
.split('-->').join('-- >')
// fix direct eval
.split(' eval(').join(' (eval)(')
.split('\neval(').join('\n(eval)(')
> x = 'hello'
'hello'
> x.toString = () => 'ayy'
[Function]
> x.valueOf = () => 'yoo'
[Function]
> x
'hello'
> x+''
'hello'