feature request for require.pure(id) or pkg.pure:true
#467
Comments
|
This is a good idea, but we need a SES-like protection to prevent the globals tempering. I need to check what is the status here. |
|
@vdeturckheim My pleasure. But I'm an user land coder, I'm good at |
|
@hax @i5ting @island205 @JacksonTian @justjavac Would you provide some suggestion? 🛩 |
|
@LongTengDao It's a very interesting idea. I plan to first try to figure out whether we can implement it in user land (though I don't know how to achieve point 4.) |
@hax Thank you, predecessor! We usually inevitably use scripts field for self building after install it. We can limit it can only use Point out, if I misunderstand of scripts field. |
@vdeturckheim I can't find information about "SES" by Google, what does that mean? And I found "Chrome Content Scripts" in Electron docs, do you mean that? Thanks!
|
|
@LongTengDao sure, here is a wiki page https://github.com/google/caja/wiki/SES you can also check the current state of the realms proposal on TC39 https://github.com/tc39/proposal-realms |
|
@vdeturckheim Oh, it's cool! Realms is good for plugins of software like vscode. Maybe it's a solution behind require, but I can't see how to use it directly for most module requiring without support of node, am I right? Should we wait realms for meeting this need, or still do it with SES at now? |
|
I found a related repo today: https://github.com/secure-require/secure-require Hope it works, if it's possible in userland. |
|
@vdeturckheim @hax tc39/proposal-shadowrealm#347 realms proposal seems won't do what here said, it's still a sticky problem ( |
|
@LongTengDao Yeah, shadow realms itself can not satisfy what u want in this issue, though it could be the basis of SES in long term. Currently it seems very hard to achieve point 2 without performance burden. |
|
@hax if performance burden is the main problem, then maybe here is a compromise way: imagine an app, has two directly third-party dependency we call them "x" and "y" here, which expeced to be pure, and "x" has 100 dependencies behind it, "y" too. then we can only create two isolated context, one for "x" and all it's dependencies, one for "y" and all it's dependencies, that means there is no need to create 202 isolated contexts. because "pure module" idea mainly protect the main business part, and not intended to promise lib work completely right, including a lib is broken by it's furthur dependencies. above based on that, "performance burden" you said refer mainly to "create context", not for "run in context". if you mainly mean "run in context", I don't know much, I can only imagine that by "Proxy", I think a cost like "Proxy" is not "too heavy"? |
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
|
still waiting to discuss |
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
|
It seems a feature request, feel free to join the Security WG to share your point of view. Honestly, I see it overlapping with #791. |
|
This issue is stale because it has been open many days with no activity. It will be closed soon unless the stale label is removed or a comment is made. |
Feature request.
Most third part module we are using are pure function things. If we can control that (when we require them even install them), then maybe most security problems could under control easily?
"pure module require" means:
fs,netnative module.Buffer.allocUnsafe,child_processAPI.pkg.scriptsfield actions will have no chance to attack the computer.soft additional design objective:
The text was updated successfully, but these errors were encountered: