Getting Started

SES is a JavaScript package that allows you to run third-party code safely. It runs in Node.js and in the browser.

Installing SES

In Node.js:

npm install ses

In the browser:

<script src="https://unpkg.com/ses"></script>

Try it out

In a Node.js repl, after running npm install ses:

const SES = require('ses');
const s = SES.makeSESRootRealm({consoleMode: 'allow', errorStackMode: 'allow'});
// NOTE: errorStackMode enables confinement breach, do not leave on in production
s.evaluate('1+2'); // returns 3
s.evaluate('1+a', {a: 3}); // returns 4
function double(a) {
  return a*2;
}
const doubler = s.evaluate(`(${double})`);
doubler(3); // returns 6

In the browser after loading SES:

const s = SES.makeSESRootRealm(...);
s.evaluate(...);

Bundlers

SES works with the main bundlers such as Webpack, Browserify, Rollup, and Parcel. Simply install SES using npm and require or import it.

Building from scratch

Clone the SES repo and run npm run-script build, which will create a variety of files under dist/. ses.cjs.js is the CommonJS version of SES, ses.esm.js is the ES6 module version, and ses.umd.js is the UMD version intended for the browser.

Webworkers

Note that the Realm shim currently requires either the Node.js vm module, or a browser’s <iframe> element (it does document.createElement('iframe')), so it won’t work in a DOM-less WebWorker, SharedWorker, or ServiceWorker. If/when the Realms proposal becomes a standard part of Javascript, these environments ought to have a native Realm object available, and SES should work in all of them.