1. Install

npm install secure-exec

2. Create a runtime

A NodeRuntime executes JavaScript in an isolated V8 sandbox with its own virtual filesystem, module system, and permissions.
import {
  NodeRuntime,
  createNodeDriver,
  createNodeRuntimeDriverFactory,
} from "secure-exec";

const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
});

3. Run code

Use runtime.run() to execute JavaScript and get back exported values. Use runtime.exec() for process-style execution with stdout/stderr observation, per-call environment overrides, and automation loops.
import {
  NodeRuntime,
  createNodeDriver,
  createNodeRuntimeDriverFactory,
} from "secure-exec";

const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
});

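// run() executes the source inside the sandbox and returns its exported values
const result = await runtime.run<{ message: string }>(
  `export const message = "hello from secure-exec";`
);

console.log(result.exports?.message); // "hello from secure-exec"

// Dispose of the runtime once it is no longer needed
runtime.dispose();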

Kernel API

For multi-process workloads (shell commands, child processes, inter-process communication), use the kernel API. This requires both a Node.js runtime and a shell runtime (WasmVM).
import {
  createKernel,
  createInMemoryFileSystem,
  createNodeRuntime,
} from "secure-exec";

const kernel = createKernel({
  filesystem: createInMemoryFileSystem(),
});
await kernel.mount(createNodeRuntime());

// spawn() runs a command directly (no shell needed)
const proc = kernel.spawn("node", ["-e", "console.log('hello')"], {
  onStdout: (data) => process.stdout.write(data),
});
await proc.wait();

await kernel.dispose();

Next steps

SDK Overview

Full tour of the API surface and core concepts.

Permissions

Control filesystem, network, and process access.

Security Model

Trust boundaries, timing hardening, and resource limits.