Secure EcmaScript Shim (SES-shim)

Secure EcmaScript (SES) is an execution environment which provides fine-grained sandboxing via Compartments.

• Compartments Compartments are separate execution contexts: each one has its own global object and global lexical scope.
• Frozen realm Compartments share their intrinsics to avoid identity discontinuity. By freezing the intrinsics, SES removes programs abilities to interfere with each other.
• Strict mode SES enables JavaScript strict mode which enhances security, for example by changing some silent errors into throw errors.
• POLA (Principle of Least Authority) By default, Compartments receive no ambient authorithy. They are created without host-provided APIs, (for example no XMLHttpRequest).

Learn about the SES specification.

Learn how to use SES in your own project.

Documentation

Installation

This monorepo contains several packages, but project will most likely use either

ses

@agoric/harden

Packages

All packages maintained with this monorepo are listed below.

| Package | Version |Description | | - | - | - | |

ses

@agoric/harden

Examples

Contributing

Branches

master

• Latest development code.

0.6-stable

• Original SES code which was build on the realm-shim and still releasable:

$ git checkout 0.6-stable
$ cd packages/ses
$ npm install
$ npm run build

src/index.js → dist/ses.esm.js, dist/ses.cjs.js...
created dist/ses.esm.js, dist/ses.cjs.js in 220ms
src/index.js → dist/ses.umd.js...
created dist/ses.umd.js in 204ms

Bug Disclosure

Please help us practice coordinated security bug disclosure, by using the instructions in our security guide to report security-sensitive bugs privately.

For non-security bugs, please use the regular Issues page.

License

SES is Apache 2.0 licensed.