The maintainers of vm2 have been honest about its limitations.
They have been explicit that new sandbox bypasses are likely to occur and that vm2 should not be relied on as a sole security control.
It is a welcome trend to see maintainers openly discuss the limitations and security assumptions of their projects.
Later this month, we'll be publishing a write-up on vm2 and the security implications of JavaScript sandboxes. Stay tuned.
Top comments (0)