Need help with SES-shim?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

160 Stars 13 Forks Apache License 2.0 1.6K Commits 124 Opened issues


SES (Secure EcmaScript) is a secure runtime for executing third-party code safely

Services available


Need anything else?

Contributors list

Secure EcmaScript Shim (SES-shim)

build status contributing license

Secure EcmaScript (SES) is an execution environment which provides fine-grained sandboxing via Compartments.

  • Compartments Compartments are separate execution contexts: each one has its own global object and global lexical scope.
  • Frozen realm Compartments share their intrinsics to avoid identity discontinuity. By freezing the intrinsics, SES removes programs abilities to interfere with each other.
  • Strict mode SES enables JavaScript strict mode which enhances security, for example by changing some silent errors into throw errors.
  • POLA (Principle of Least Authority) By default, Compartments receive no ambient authorithy. They are created without host-provided APIs, (for example no XMLHttpRequest).

Learn about the SES specification.

Learn how to use SES in your own project.



This monorepo contains several packages, but project will most likely use either

. Please consult the README from those packages for more details.


All packages maintained with this monorepo are listed below.

| Package | Version |Description | | - | - | - | |

| npm | Secure ECMAScript. | |
| npm | Build a defensible API surface around an object by freezing all reachable properties. |





  • Latest development code.


  • Original SES code which was build on the realm-shim and still releasable:
$ git checkout 0.6-stable
$ cd packages/ses
$ npm install
$ npm run build

src/index.js → dist/ses.esm.js, dist/ses.cjs.js... created dist/ses.esm.js, dist/ses.cjs.js in 220ms

src/index.js → dist/ses.umd.js... created dist/ses.umd.js in 204ms

Bug Disclosure

Please help us practice coordinated security bug disclosure, by using the instructions in our security guide to report security-sensitive bugs privately.

For non-security bugs, please use the regular Issues page.


SES is Apache 2.0 licensed.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.