Secure Javascript Environment Using Membranes

This is an experimental library to demonstrate that it is possible to use membranes to secure the object graph of a javascript environment without introducing identity discontinuity.

# Goals

- The secure environment must have its own set of intrinsics.
- Code executed inside the secure environment cannot observe the sandbox.
- Mutations on the object graph should only affect the secure environment.

# Non-goals

- Poisoning is still possible via the membrane: object-likes handed through the membrane could be used by the outer realm to perform an operation that leaks relevant primitive values.
- This library does not provide security guarantees; those must be implemented on top of the distortion mechanism.

# Where can I use this library?

We do not know the applications of this library just yet, but we suspect that there are many scenarios where it can be useful. Here are some that we have identified:

- Sandbox for polyfills: if you need to evaluate code that requires a different set of polyfills and environment configuration, you could sandbox it.
- Limiting capabilities: if you need to evaluate code that should not have access to certain capabilities (global objects, getters, setters, etc.), you could sandbox it with a set of distortions and a whitelist of global properties.
- Time-sensitive: if you need to evaluate code that should not observe time, or that should simulate a different time frame, you could sandbox it with a set of distortions that adjust the timers.
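The membrane mechanics described above (identity continuity from the introduction, the distortion mechanism from the non-goals, and the capability and timer distortions listed here), as an added example that is not the library's own code; `createMembrane`, `demo`, the `host` object graph and the frozen-clock distortion are constructed for illustration.

```javascript
// Added example, not the library's code: a minimal membrane built on Proxy.
// Each outer-realm object gets exactly one proxy (cached in a WeakMap) so the sandbox
// sees stable identities; proxies crossing back are unwrapped before the outer realm
// touches them; "distortions" map an outer value to what the sandbox sees instead.
function createMembrane(distortions = new Map()) {
  const proxies = new WeakMap(); // outer object -> its unique proxy
  const targets = new WeakMap(); // proxy -> outer object
  const unwrap = (v) => (targets.has(v) ? targets.get(v) : v);

  function wrap(target) {
    if (target === null || (typeof target !== 'object' && typeof target !== 'function')) {
      return target; // primitives cross the membrane unchanged
    }
    if (targets.has(target)) return target; // already one of our proxies
    if (distortions.has(target)) return distortions.get(target); // distorted, not wrapped
    let proxy = proxies.get(target);
    if (proxy !== undefined) return proxy;
    proxy = new Proxy(target, {
      // Reads are wrapped on the way in; the receiver is unwrapped so getters run on the real object.
      get: (t, key, receiver) => wrap(Reflect.get(t, key, unwrap(receiver))),
      // Writes are unwrapped on the way out, so the outer object never stores a proxy.
      set: (t, key, value, receiver) => Reflect.set(t, key, unwrap(value), unwrap(receiver)),
      apply: (t, thisArg, args) => wrap(Reflect.apply(t, unwrap(thisArg), args.map(unwrap))),
      construct: (t, args, nt) => wrap(Reflect.construct(t, args.map(unwrap), unwrap(nt))),
      getPrototypeOf: (t) => wrap(Reflect.getPrototypeOf(t)),
    });
    proxies.set(target, proxy);
    targets.set(proxy, target);
    return proxy;
  }
  return { wrap, unwrap };
}

// Constructed sample host realm: an object graph with a cycle, plus a "timer" to distort.
const host = { name: 'host', child: { n: 1 }, now: () => Date.now() };
host.self = host;

function demo() {
  const membrane = createMembrane(new Map([[host.now, () => 0]])); // sandbox sees a frozen clock
  const p = membrane.wrap(host);
  return {
    sameProxy: p === membrane.wrap(host),   // identity continuity across calls
    cycleKept: p.self === p,                 // cycles map back to the same proxy
    nestedStable: p.child === p.child,       // nested objects get one proxy each
    separated: p.child !== host.child,       // the sandbox never sees the raw object
    unwrapped: membrane.unwrap(p) === host,  // crossing back yields the original
    distorted: p.now() === 0,                // the distortion replaced the timer
  };
}
```

Proxy invariants are the first thing a real membrane has to deal with: a non-configurable, non-writable property or a non-extensible target makes the `get` and `getPrototypeOf` traps above throw, so property descriptors and extensibility must be handled explicitly.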

# Challenges

- Debugging is still very challenging, considering that dev-tools are still catching up with Proxies. Chrome, for example, displays proxies differently in the console vs. the watch panel.

# Open Questions

- Should we proxify Array objects to support live Arrays?
- There is not a clear boundary on what can and cannot be mutated through the membrane.

# Browser Support and Stats

- Modern browsers with support for ES6 Proxy.
- This library: ~3kb minified/gzip for browsers, ~2kb for node (no external dependencies).

# Code
