Internal changes and security improvements

Author: XmiliaH

.editorconfig

@@ -7,3 +7,6 @@ indent_size = 4
 end_of_line = lf
 insert_final_newline = true
 trim_trailing_whitespace = true
+
+[/lib/events.js]
+indent_size = 2

.eslintignore

@@ -1 +1,3 @@
-/test.js
+/test.js
+/node-*
+/lib/events.js

CHANGELOG.md

@@ -1,8 +1,12 @@
+v3.9.6 (TBD)
+-------------------
+[fix] Security fixes (XmiliaH)  
+
 v3.9.5 (2021-10-17)
 -------------------
-[new] Editor config (aubelsb2)
-[fix] Fix for Promise.then breaking
-[fix] Fix for missing properties on CallSite
+[new] Editor config (aubelsb2)  
+[fix] Fix for Promise.then breaking  
+[fix] Fix for missing properties on CallSite  
 
 v3.9.4 (2021-10-12)
 -------------------

LICENSE.md

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2014-2021 Patrik Simek and contributors
+Copyright (c) 2014-2022 Patrik Simek and contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

README.md

@@ -21,6 +21,8 @@ export interface VMRequire {
   mock?: any;
   /* An additional lookup function in case a module wasn't found in one of the traditional node lookup paths. */
   resolve?: (moduleName: string, parentDirname: string) => string;
+  /** Custom require to require host and built-in modules. */
+  customRequire?: (id: string) => any;
 }
 
 /**
@@ -56,8 +58,14 @@ export interface VMOptions {
   wasm?: boolean;
   /**
    * If set to `true` any attempt to run code using async will throw a `VMError` (default: `false`).
+   * @deprecated Use ``allowAsync` instead
    */
   fixAsync?: boolean;
+
+  /**
+   * If set to `false` any attempt to run code using async will throw a `VMError` (default: `true`).
+   */
+  allowAsync?: boolean;
 }
 
 /**
@@ -84,6 +92,8 @@ export interface NodeVMOptions extends VMOptions {
 	 * This object will not be copied and the script can change this object.
    */
   env?: any;
+  /** Run modules in strict mode. Required modules are always strict. */
+  strict?: boolean;
 }
 
 /**
@@ -98,9 +108,7 @@ export class VM {
   /** Timeout to use for the run methods */
   timeout?: number;
   /** Runs the code */
-  run(js: string, path?: string): any;
-  /** Runs the VMScript object */
-  run(script: VMScript): any;
+  run(script: string|VMScript, options?: string|{filename?: string}): any;
   /** Runs the code in the specific file */
   runFile(filename: string): any;
   /** Loads all the values into the global object with the same names */
@@ -146,9 +154,7 @@ export class NodeVM extends EventEmitter implements VM {
   /** Only here because of implements VM. Does nothing. */
   timeout?: number;
   /** Runs the code */
-  run(js: string, path?: string): any;
-  /** Runs the VMScript object */
-  run(script: VMScript): any;
+  run(js: string|VMScript, options?: string|{filename?: string, wrapper?: "commonjs" | "none", strict?: boolean}): any;
   /** Runs the code in the specific file */
   runFile(filename: string): any;
   /** Loads all the values into the global object with the same names */
@@ -159,6 +165,8 @@ export class NodeVM extends EventEmitter implements VM {
   getGlobal(name: string): any;
   /** Freezes the object inside VM making it read-only. Not available for primitive values. */
   freeze(object: any, name?: string): any;
+  /** Freezes the object inside VM making it read-only. Not available for primitive values. */
+  readonly(object: any): any;
   /** Protects the object inside VM making impossible to set functions as it's properties. Not available for primitive values */
   protect(object: any, name?: string): any;
 }