incompatible with core-js

[ziofat]

I have been encountered an issue when I called compartment.evaluate after lockdown.

Uncaught (in promise) TypeError: Cannot delete property 'arguments' of function toString() {
  return typeof this == 'function' && this[SRC] || $toString.call(this);
}

I've found that code is from core-js, which might bundled in other libraries I am using. Is there a way to solve this?

I am trying to run a 3rd party code in my app:

lockdown();

const compartment = new Compartment({
  print: harden(console.log),
});
const addon = compartment.evaluate(code);

[kriskowal]

This is a common compatibility problem. core-js exceeds the bounds set by SES lockdown and would need to be elevated to the status of a “vetted shim”. We have not finished implementing a strategy for incorporating vetted shims in applications, but we plan to.

Vetted shims would need to participate in lockdown explicitly, not just providing the code that monkey-patches the environment, but also inform lockdown of the properties of the environment that it is adding.

[kriskowal]

#318 tracks the issue of adding support for vetted shims.

The “taming compat” label tracks issues with libraries that do not coöperate with SES.

We will refer here for conversations about core-js in the future.