runInThisContext - Node documentation
function runInThisContext

Usage in Deno

import { runInThisContext } from "node:vm";
runInThisContext(
code: string,
options?: RunningCodeOptions | string,
): any

vm.runInThisContext() compiles code, runs it within the context of the current global and returns the result. Running code does not have access to local scope, but does have access to the current global object.

If options is a string, then it specifies the filename.

The following example illustrates using both vm.runInThisContext() and the JavaScript eval() function to run the same code:

const vm = require('node:vm');
let localVar = 'initial value';

const vmResult = vm.runInThisContext('localVar = "vm";');
console.log(`vmResult: '${vmResult}', localVar: '${localVar}'`);
// Prints: vmResult: 'vm', localVar: 'initial value'

const evalResult = eval('localVar = "eval";');
console.log(`evalResult: '${evalResult}', localVar: '${localVar}'`);
// Prints: evalResult: 'eval', localVar: 'eval'

Because vm.runInThisContext() does not have access to the local scope,localVar is unchanged. In contrast, eval() does have access to the local scope, so the value localVar is changed. In this wayvm.runInThisContext() is much like an indirect eval() call, e.g.(0,eval)('code').

Example: Running an HTTP server within a VM

When using either script.runInThisContext() or runInThisContext, the code is executed within the current V8 global context. The code passed to this VM context will have its own isolated scope.

In order to run a simple web server using the node:http module the code passed to the context must either call require('node:http') on its own, or have a reference to the node:http module passed to it. For instance:

'use strict';
const vm = require('node:vm');

const code = `
((require) => {
  const http = require('node:http');

  http.createServer((request, response) => {
    response.writeHead(200, { 'Content-Type': 'text/plain' });
    response.end('Hello World\\n');
  }).listen(8124);

  console.log('Server running at http://127.0.0.1:8124/');
})`;

vm.runInThisContext(code)(require);

The require() in the above case shares the state with the context it is passed from. This may introduce risks when untrusted code is executed, e.g. altering objects in the context in unwanted ways.

Parameters

code: string

The JavaScript code to compile and run.

optional
options: RunningCodeOptions | string

Return Type

any

the result of the very last statement executed in the script.