Secure EcmaScript (SES) is an execution environment which provides fine-grained sandboxing via Compartments.
- Compartments Compartments are separate execution contexts: each one has its own global object and global lexical scope.
- Frozen realm Compartments share their intrinsics to avoid identity discontinuity. By freezing the intrinsics, SES removes programs abilities to interfere with each other.
- Strict mode SES enables JavaScript strict mode which enhances security, for example by changing some silent errors into throw errors.
- POLA (Principle of Least Authority) By default, Compartments receive no ambient authorithy. They are created without host-provided APIs, (for example no XMLHttpRequest).
Learn about the SES specification.
Learn how to use SES in your own project.
This monorepo contains several packages, but project will most likely use either ses or @agoric/harden. Please consult the README from those packages for more details.
All packages maintained with this monorepo are listed below.
| Package | Version | Description |
|---|---|---|
ses |
 |
Secure ECMAScript. |
@agoric/harden |
 |
Build a defensible API surface around an object by freezing all reachable properties. |
- Latest development code.
- Original SES code which was build on the realm-shim and still releasable:
$ git checkout 0.6-stable
$ cd packages/ses
$ npm install
$ npm run build
src/index.js → dist/ses.esm.js, dist/ses.cjs.js...
created dist/ses.esm.js, dist/ses.cjs.js in 220ms
src/index.js → dist/ses.umd.js...
created dist/ses.umd.js in 204ms
Please help us practice coordinated security bug disclosure, by using the instructions in our security guide to report security-sensitive bugs privately.
For non-security bugs, please use the regular Issues page.
SES is Apache 2.0 licensed.