freeze doesn't work on Array methods (shift, pop, etc)

[poef]

running node v18.15.0
if i have this code:

import {VM} from 'vm2'
const vm = new VM({
	allowAsync: false,
	wasm: false
})
let result = [1,2,3]
vm.freeze(result, 'data')

I expect that this will fail:

vm.run(`
data.pop()
`)

However, the array is changed and if I run it multiple times, I get 3, 2 then 1 as a result.

[XmiliaH]

Freeze does only stop the sandbox from manipulating the object. The pop method is from the host and is allowed to manipulate the array.

[poef]

Hi, I understand your explanation about why the vm.freeze() call doesn't work on Array.pop() here. However, given the documentation of freeze(), I would expect the data to be immutable. Since pop() alters the array, it isn't immutable.
So the freeze() function doesn't turn arrays immutable, which I believe it should.

[XmiliaH]

If you want to make the array immutable just use Object.freeze.

[poef]

I would politely suggest to rename 'freeze' to something else, or at least update the documentation so that it tells people that it doesn't actually freeze the data entirely. As it is now, the behaviour is rather surprising. And yes, I did use Object.freeze to fix it.

BTW, thank you for your work on VM2, I really like how simple it is to use this library.