Run securely untrusted code with whitelisted Node modules

Usage no npm install needed!

<script type="module">
  import easyVm from 'https://cdn.skypack.dev/easy-vm';



easy-vm is a simple Node.js library which helps with running securely untrusted code with whitelisted Node modules.


$ npm install easy-vm

Quick example

const EasyVM = require('easy-vm');

const vm = new EasyVM({
  console: true,
  sandbox: {
    test: 'A test variable'
  require: {
    builtin: ['fs'],
    mock: {
      fs: {
        readFile: (path: string) => {
          console.log("Nice try!");

  const fs = require('fs');
  fs.readFile(''); // Outputs: Nice try!
  console.log(test); // Outputs: A test variable


Class EasyVM

An EasyVM can be used to create a sandbox.

new EasyVM(options)

  • options VMOptions
    • console boolean - Whether to enable console in the sandbox or not.
    • sandbox object - A global object in VM
    • require VMRequireOptions | false - False to disable require or object to enable require with options.
      • builtin string[] - Array of allowed builtin modules, Use ['*'] to accept all.
      • mock object - Collection of mocked Node modules.


EasyVM.run(code, filename)

  • code string
  • filename string (optional) - Path to which Node's require() relates.