js tooling to help prevent attacks from evil dependencies.
webpack plugin for creating bundles protected by the LavaMoat kernel.
| const { builtinModules: builtinPackages } = require('module') | |
| // Sets up the lavamoat-core module inspector configured below. The "[email protected]" text that stood here looks like a package@version pin mangled by the page's e-mail obfuscation; the version is not recoverable from this listing | |
| const { createModuleInspector } = require('lavamoat-core') | |
| const inspector = createModuleInspector({ | |
| // isBuiltin: used to see if an import is a Node.js builtin. NOTE(review): this is an exact-name match against module.builtinModules, which lists core modules by bare name (`fs`), so a `node:`-prefixed specifier such as `node:fs` does not match; confirm how the inspector normalises names before relying on this to classify what a dependency imports, or use module.isBuiltin() where the Node.js version provides it | |
| isBuiltin: (name) => builtinPackages.includes(name), | |
| // includeDebugInfo: adds some notes on SES compatibility, etc. | |
| includeDebugInfo: true, | |
| }) |
js tooling to help prevent attacks from evil dependencies.
webpack plugin for creating bundles protected by the LavaMoat kernel.
| const { makeStringTransform } = require('browserify-transform-tools') | |
| module.exports = makeStringTransform('lavamoat-browserify-workarounds', { excludeExtension: ['.json'] }, (content, _, cb) => { | |
| const result = content | |
| // fix html comments | |
| .split('-->').join('-- >') | |
| // fix direct eval | |
| .split(' eval(').join(' (eval)(') | |
| .split('\neval(').join('\n(eval)(') |
| > x = 'hello' | |
| 'hello' | |
| > x.toString = () => 'ayy' | |
| [Function] | |
| > x.valueOf = () => 'yoo' | |
| [Function] | |
| > x | |
| 'hello' | |
| > x+'' | |
| 'hello' |
| _then = Promise.prototype.then | |
| // REPL output: [Function: then]. Demonstration that a built-in prototype method can be replaced at runtime: the native `then` is saved first (as an undeclared, implicit global) so the wrapper below can delegate to it | |
| Promise.prototype.then = function(){ console.log('then!'); return _then.apply(this, arguments); } | |
| // REPL output: [Function (anonymous)]. From here on, every .then() call on a promise in this realm logs 'then!' and is then forwarded to the saved native method; any code sharing the realm can interpose like this unless the intrinsics are frozen | |
| p = new Promise(resolve => resolve()) | |
| // REPL output: Promise { undefined }. Constructing and resolving the promise does not itself call .then(), so the transcript shows no 'then!' line at this point |
| const provider = polyfillJsonRpcBatchAsBatchTx(inpageProvider) | |
| function polyfillJsonRpcBatchAsBatchTx (oldProvider) { | |
| const newProvider = { sendAsync } | |
| return newProvider | |
| function sendAsync (req, cb) { | |
| if (Array.isArray(req)) { |
| "use strict" | |
| const { Membrane } = require('es-membrane') | |
| // Raw (unwrapped) object that the membrane is meant to protect; at this point it is a plain object literal with a single `secure: true` property and no mediation | |
| const rawObj = { secure: true } | |
| // Membrane instance that is meant to manage interaction with rawObj; it is constructed with no arguments, and nothing has been wrapped in the lines shown, so rawObj is still directly reachable from this scope | |
| const membrane = new Membrane() |
| const { Membrane } = require('es-membrane') | |
| const { defineModule, getRawModule } = createModuleSystem() | |
| // | |
| // define modules | |
| // | |
| // module X | |
| defineModule('x', (require) => { |
| // // Called when the user clicks on the browser action. | |
| // chrome.action.onClicked.addListener(function(tab) { | |
| // // No tabs or host permissions needed! | |
| // console.log('Turning ' + tab.url + ' red!'); | |
| // // chrome.tabs.executeScript({ | |
| // // code: 'document.body.style.backgroundColor="red"' | |
| // // }); | |
| // }); |
| const test = require('tape-promise').default(require('tape')) | |
| const SES = require('../lib/ses.umd.js') | |
| const realm = SES.makeSESRootRealm() | |
| test(async t => { | |
| const globalStore = {} | |
| runModuleA() |