How to safely execute unknown Javascript code in Node.js?

I need to run code supplied by an unknown source which validates or sorts something.

How can I do this safely in Node.js?

Python has RestrictedPython, anything similar?

There is also ADsafe for the browser, but is it usa开发者_如何转开发ble in Node.js?

Node has an excellent tool for this, the node.vm. Basically you can run a script in its own context, effectively sandboxing it.

Of course, since Node runs on a single thread, a harmful script can always shut down your server just by doing:

while (true) {;}

To be completely safe, you need to spawn a new process and use message passing for communication.