node官方文檔里提到node的vm模塊可以用來做沙箱環(huán)境執(zhí)行代碼，對代碼的上下文環(huán)境做隔離。

/A common use case is to run the code in a sandboxed environment. The sandboxed code uses a different V8 Context, meaning that it has a different global object than the rest of the code.

先看一個例子

const vm = require('vm');let a = 1;var result = vm.runInNewContext('var b = 2; a = 3; a + b;', {a});console.log(result);  // 5console.log(a);     // 1console.log(typeof b); // undefined

沙箱環(huán)境中執(zhí)行的代碼對于外部代碼沒有產生任何影響，無論是新聲明的變量b，還是重新賦值的變量a。 注意最后一行的代碼默認會被加上return關鍵字，因此無需手動添加，一旦添加的話不會靜默忽略，而是執(zhí)行報錯。

const vm = require('vm');let a = 1;var result = vm.runInNewContext('var b = 2; a = 3; return a + b;', {a});console.log(result);console.log(a);console.log(typeof b);

如下所示

evalmachine.<anonymous>:1var b = 2; a = 3; return a + b;         ^^^^^^SyntaxError: Illegal return statement  at new Script (vm.js:74:7)  at createScript (vm.js:246:10)  at Object.runInNewContext (vm.js:291:10)  at Object.<anonymous> (/Users/xiji/workspace/learn/script.js:3:17)  at Module._compile (internal/modules/cjs/loader.js:678:30)  at Object.Module._extensions..js (internal/modules/cjs/loader.js:689:10)  at Module.load (internal/modules/cjs/loader.js:589:32)  at tryModuleLoad (internal/modules/cjs/loader.js:528:12)  at Function.Module._load (internal/modules/cjs/loader.js:520:3)  at Function.Module.runMain (internal/modules/cjs/loader.js:719:10)

除了runInNewContext外，vm還提供了runInThisContext和runInContext兩個方法都可以用來執(zhí)行代碼 runInThisContext無法指定context

const vm = require('vm');let localVar = 'initial value';​const vmResult = vm.runInThisContext('localVar += "vm";');console.log('vmResult:', vmResult);console.log('localVar:', localVar);console.log(global.localVar);

由于無法訪問本地的作用域，只能訪問到當前的global對象，因此上面的代碼會因為找不到localVal而報錯

evalmachine.<anonymous>:1localVar += "vm";^ReferenceError: localVar is not defined  at evalmachine.<anonymous>:1:1  at Script.runInThisContext (vm.js:91:20)  at Object.runInThisContext (vm.js:298:38)  at Object.<anonymous> (/Users/xiji/workspace/learn/script.js:3:21)  at Module._compile (internal/modules/cjs/loader.js:678:30)  at Object.Module._extensions..js (internal/modules/cjs/loader.js:689:10)  at Module.load (internal/modules/cjs/loader.js:589:32)  at tryModuleLoad (internal/modules/cjs/loader.js:528:12)  at Function.Module._load (internal/modules/cjs/loader.js:520:3)  at Function.Module.runMain (internal/modules/cjs/loader.js:719:10)