Microservice for secure JavaScript code execution in an isolated environment using isolated-vm. Ideal for use as a code execution backend, sandbox, or integration with systems that need to evaluate JS in a controlled way.
- Executes JavaScript code securely and in isolation
- Configurable memory and execution time limits
- Blocks dangerous patterns (require, import, process, global, console.log)
- Endpoints protected by secret header and origin validation
- Healthcheck endpoint for monitoring
Executes JS code sent in the request body.
Required headers:
X-API-Secret: secret key defined in theJS_EXECUTOR_SECRETenvironment variableContent-Type:application/json
Body:
{
"code": "return 1 + 1;"
}Response:
{
"result": 2
}Returns the service status. Also requires authentication.
- Copy
.env.exampleto.envand adjust variables if needed. - Run:
docker-compose up --build
- The service will be available at
http://localhost:3217.
JS_EXECUTOR_SECRET: secret key for authentication (required)ALLOWED_ORIGINS: allowed origins for requests (optional)
Use the server-test.bash script to test all endpoints and use cases:
bash server-test.bash- Isolated execution with memory limit
- Blocks dangerous patterns
- Mandatory authentication
- Origin validation