| title | Resource Limits |
|---|---|
| description | CPU time, memory, and payload size controls. |
| icon | gauge |
Resource limits prevent sandboxed code from running forever or exhausting host memory.
import {
NodeRuntime,
createNodeDriver,
createNodeRuntimeDriverFactory,
} from "../../../packages/secure-exec/src/index.ts";
const runtime = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
memoryLimit: 64,
cpuTimeLimitMs: 100,
});
try {
const safeRun = await runtime.exec(`
console.log("resource-limits-ok");
`);
const timedOut = await runtime.exec("while (true) {}");
const success =
safeRun.code === 0 &&
timedOut.code === 124 &&
(timedOut.errorMessage?.includes("CPU time limit exceeded") ?? false);
console.log(
JSON.stringify({
ok: success,
safeCode: safeRun.code,
timeoutCode: timedOut.code,
errorMessage: timedOut.errorMessage,
summary: "normal code completed and an infinite loop hit the CPU limit",
}),
);
} finally {
runtime.dispose();
}Source: examples/features/src/resource-limits.ts
Set a CPU time budget in milliseconds. When exceeded, the execution exits with code 124.
const runtime = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
cpuTimeLimitMs: 5000, // 5 seconds
});
const result = await runtime.exec("while (true) {}");
console.log(result.code); // 124
console.log(result.errorMessage); // "CPU time limit exceeded"You can also override per execution:
await runtime.exec("while (true) {}", {
cpuTimeLimitMs: 1000, // tighter limit for this call
});Cap isolate memory in MB. Default is 128.
const runtime = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
memoryLimit: 64, // 64 MB
});The bridge enforces size limits on data crossing the isolate boundary. Oversized payloads are rejected with ERR_SANDBOX_PAYLOAD_TOO_LARGE instead of exhausting host memory.
const runtime = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
payloadLimits: {
base64TransferBytes: 10 * 1024 * 1024, // 10 MB for file transfers
jsonPayloadBytes: 5 * 1024 * 1024, // 5 MB for JSON payloads
},
});Hosts can tune these limits within bounded safe ranges but cannot disable enforcement.
High-resolution timers are frozen by default to mitigate timing side-channel attacks.
// Default: frozen timers
const secure = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
timingMitigation: "freeze", // default
});
// Opt out for Node-compatible advancing clocks
const compatible = new NodeRuntime({
systemDriver: createNodeDriver(),
runtimeDriverFactory: createNodeRuntimeDriverFactory(),
timingMitigation: "off",
});In "freeze" mode:
Date.now()andperformance.now()return frozen values within an executionprocess.hrtime()andprocess.uptime()follow the hardened pathSharedArrayBufferis unavailable
See the Security Model for more on timing hardening and trust boundaries.