Security

This page aims to provide a comprehensive look at the security considerations that were taken when designing this learning resource.

Under normal circumstances, a user is presented with a TypeScript editor containing code that is open-source on GitHub and fully-verifiable. The code review process is intended to catch situations where unsafe code is presented for evaluation in a user's browser.

Users cannot share files

The threat vector presented by running truly unsafe files from arbitrary user input (e.g. allowing users to share code snippets with each other) is eliminated by not allowing arbitrary user input.

All execution in a Web Worker

All untrusted JavaScript evaluation takes place in a Web Worker. Certain node libraries like fs, http, child_process, etc have "synthetic implementations" which provide deep introspection and helpful user interfaces to display how these libraries operate.