Patrik Simek edited this page Jan 26, 2019 · 2 revisions

If you're looking for a solution to run untrusted code, you should take a look at the awesome isolated-vm library. Here is a list of the main differences to help you decide which library to use.

| vm2 | isolated-vm |
| --- | --- |
| Pure JS library. | Requires compilation. |
| Shares thread with the host. | Runs in a separate thread. |
| Shares JS primitives with the host. | Primitives need to be copied to the isolate and back. |
| Shares Buffer with the host. | Buffers are represented as TypedArrays. |
| Shares JS functions with the host. | To pass a function, you need to create references explicitly. |
| Much easier to use. | Takes some time and practice to do things right. |

The main difference is that the isolated-vm library runs the sandbox in a separate thread from the host. That means it can easily control the memory usage of the sandbox and can also run code in parallel. On the other hand, values passed between the host and the sandbox need to be serialized on the host and then deserialized in the isolate. Besides the additional performance overhead, that approach has a significant impact on memory usage because primitive values are copied during the process. If you are considering batch processing of big data, do run some stress tests before you go to production.
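
The trade-off described above, as an added example that is not code from vm2 or isolated-vm: a small harness that passes a batch to simulated untrusted code either by shared reference or by copy, and reports whether the host's data was altered and what the copy cost. `structuredClone` is an assumed stand-in for the host-to-isolate copy, and the data and all function names are constructed for illustration.

```javascript
// Added example. structuredClone is an assumed stand-in for the
// host <-> isolate copy; none of these names are vm2 or isolated-vm APIs.

// Constructed sample data: n records a host might hand to sandboxed code.
function makeBatch(n) {
  return Array.from({ length: n }, (_, i) => ({ id: i, payload: 'x'.repeat(64) }));
}

// Shared model: the sandbox sees the host's own object.
const passShared = (value) => value;
// Copy model: the value is duplicated on every crossing of the boundary.
const passCopied = (value) => structuredClone(value);

// Simulated untrusted code: tampers with its input, then returns a summary.
function untrusted(input) {
  input[0].id = -1;
  input.push({ id: 'injected' });
  return { count: input.length };
}

// Pass a batch in, run the code, pass the result back out, and report
// whether the host's data changed and what the crossing cost.
function run(pass, n) {
  const hostBatch = makeBatch(n);
  const start = performance.now();
  const sandboxView = pass(hostBatch);
  const result = pass(untrusted(sandboxView));
  const ms = performance.now() - start;
  return {
    sameObject: sandboxView === hostBatch,
    hostTampered: hostBatch.length !== n || hostBatch[0].id !== 0,
    count: result.count,
    // Rough size of the duplicated data; zero when nothing is copied.
    approxCopiedBytes: sandboxView === hostBatch ? 0 : JSON.stringify(hostBatch).length,
    ms,
  };
}

// Stress test: grow the batch and compare both models before production.
function stressTest(sizes) {
  return sizes.flatMap((n) => [
    { model: 'shared', n, ...run(passShared, n) },
    { model: 'copied', n, ...run(passCopied, n) },
  ]);
}

console.table(stressTest([1000, 50000]));
```

In the shared rows the host's batch is modified by the sandboxed code at no copy cost; in the copied rows the host's batch is untouched, and `approxCopiedBytes` and `ms` grow with the batch size.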
