Secure EcmaScript (SES) is an execution environment which provides fine-grained sandboxing via Compartments.
- Compartments Compartments are separate execution contexts: each one has its own global object and global lexical scope.
- Frozen realm Compartments share their intrinsics to avoid identity discontinuity. By freezing the intrinsics, SES removes programs abilities to interfere with each other.
- Strict mode SES enables JavaScript strict mode which enhances security, for example by changing some silent errors into throw errors.
- POLA (Principle of Least Authtorithy) By default, Compartments received no ambient authorthy. They are created without host-provided APIs, (for example no XMLHttpRequest).
Learn about the SES specification.
Learn how to use SES in your own project.
All packages maintained with this monorepo are listed below.
| Package | Version | Description |
|---|---|---|
ses |
Secure ECMAScript. | |
@agoric/harden |
Build a defensible API surface around an object by freezing all reachable properties. | |
@agoric/make-hardener |
Create a 'hardener' which freezes the API surface of a set of objects. |
Please help us practice coordinated security bug disclosure, by using the instructions in our security guide to report security-sensitive bugs privately.
For non-security bugs, please use the regular Issues page.
SES is Apache 2.0 licensed.