nobssoftware/guard.js

Guard.js: Lock Down Sensitive Modules

This is a proof of concept and a work in progress.

Lock down all sensitive operations behind a special token that is passed around only to trusted code.

Example:

```js
// Fail
console.log(process.cwd());

// OK
guard.withPerm(guard.token, {process: {cwd: true}}, () => {
  console.log(process.cwd());
});
```
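An added example, not Guard.js's own code, of how a token gate with this call shape can work: a sensitive function is swapped for a wrapper that runs only while a valid token has granted the matching permission. `makeGuard`, `lock` and `demo` are hypothetical names, and the token is assumed to be a `Symbol`.

```javascript
// Added illustration: makeGuard and lock are hypothetical names, not Guard.js internals.
function makeGuard() {
  const token = Symbol('guard-token'); // unforgeable: only code handed this reference can unlock
  let active = null;                   // permissions granted to the callback currently running
  // Swap obj[name] for a wrapper that runs only while active[ns][name] === true.
  function lock(obj, ns, name) {
    const original = obj[name];
    obj[name] = function (...args) {
      if (!(active && active[ns] && active[ns][name] === true)) {
        throw new Error(`guard: ${ns}.${name} denied`);
      }
      return original.apply(this, args);
    };
    return () => { obj[name] = original; }; // restore the original (used by demo)
  }
  function withPerm(candidate, perms, fn) {
    if (candidate !== token) throw new Error('guard: invalid token');
    const previous = active;
    active = perms;
    try {
      return fn();       // the grant covers this synchronous call only
    } finally {
      active = previous; // dropped again even if fn throws
    }
  }
  return { token, lock, withPerm };
}

// Exercise the guard against the real process.cwd and report each outcome.
function demo() {
  const guard = makeGuard();
  const unlock = guard.lock(process, 'process', 'cwd');
  const cwdPerm = { process: { cwd: true } };
  const attempt = (f) => { try { f(); return 'ok'; } catch (e) { return e.message; } };
  try {
    let later; // callback that escapes the granted scope
    guard.withPerm(guard.token, cwdPerm, () => { later = () => process.cwd(); });
    return {
      bare: attempt(() => process.cwd()),
      granted: attempt(() => guard.withPerm(guard.token, cwdPerm, () => process.cwd())),
      forged: attempt(() => guard.withPerm(Symbol('guard-token'), cwdPerm, () => process.cwd())),
      otherPerm: attempt(() => guard.withPerm(guard.token, { process: { exit: true } }, () => process.cwd())),
      escaped: attempt(() => later()),
    };
  } finally {
    unlock();
  }
}
console.log(demo());
```

A wrapper like this has to be installed before any untrusted module is loaded, because a reference to the original function captured earlier bypasses the check.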

The Problem Guard.js Solves

Problem: any third-party library you include (or its dependencies, or their dependencies' dependencies, or ...) has immediate full access to your entire system. This leads to:

Malicious packages which steal credentials or other private data, and which have an outsized effect due to the incredibly top-heavy Node.js dependency trees.

Work in Progress

We're evaluating whether this approach is feasible at all. Maybe it's impossible. Time will tell.

Authors and License

The authors are listed in the AUTHORS file, the license is kept in the LICENSE file.

About

lock down sensitive node.js modules
