Executing user-provided code with vm.Script creates a significant security risk. The current sandbox is insufficient - it provides access to the fetch API which could be used to exfiltrate data or make unauthorized requests. Consider implementing more robust sandboxing using isolated-vm or similar libraries, and implement strict timeout mechanisms to prevent infinite loops or resource exhaustion.
Originally posted by @Copilot in #32 (comment)
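The two controls the comment asks for, withholding `fetch` and enforcing a timeout, shown on `vm.Script` as an added example (not code from this repository; `runUserCode` and the sample inputs are hypothetical). Node's documentation states that the `vm` module is not a security mechanism, so this narrows what a script is handed but is not a substitute for the isolated-vm style isolation the comment recommends.

```javascript
const vm = require('vm');

// Hypothetical helper (not from the project): run untrusted source in a fresh
// context that holds only the globals the caller passes in.
function runUserCode(source, { globals = {}, timeoutMs = 100 } = {}) {
  // Null-prototype object: nothing inherited from the host's Object.prototype.
  const sandbox = Object.assign(Object.create(null), globals);
  const context = vm.createContext(sandbox, {
    // eval() and new Function() inside the context throw EvalError.
    codeGeneration: { strings: false, wasm: false },
    // Promise jobs run before runInContext returns, so the timeout covers them.
    microtaskMode: 'afterEvaluate',
  });
  try {
    const script = new vm.Script(source, { filename: 'user-code.js' });
    return { ok: true, value: script.runInContext(context, { timeout: timeoutMs }) };
  } catch (err) {
    // Timeouts carry err.code; errors thrown by the script itself only have a name.
    return { ok: false, reason: err.code || err.name };
  }
}

// Constructed inputs for the demonstration.
const probe = 'typeof fetch';
const spin = 'for (;;) {}';
const asyncSpin = 'Promise.resolve().then(() => { for (;;) {} }); 1';

function demo() {
  return {
    weak: runUserCode(probe, { globals: { fetch: () => {} } }), // stub stands in for fetch
    hardened: runUserCode(probe),
    loop: runUserCode(spin),
    asyncLoop: runUserCode(asyncSpin),
    evalBlocked: runUserCode('eval("1 + 1")'),
  };
}

console.log(demo());
```

The `timeout` option only bounds CPU time inside `runInContext`; memory limits and callbacks scheduled through any host function you expose still need separate handling.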