Secure EcmaScript - MetaMask/metamask-snaps-beta GitHub Wiki
We are using Secure EcmaScript (SES) by Agoric to sandbox plugins and limit their access to global scope and prototypes. It is not yet completely production ready, but it is built on Realms, which is a standards-track browser API.
You can watch a wonderful video exploring the motivations and approach they took here.
The underlying Realms shim is already in use in production at Salesforce, building confidence in its approach.
When building with the `mm-plugin build` script, you will occasionally hit errors related to loading your scripts into the SES environment. This is usually caused by one of your dependencies trying to access a global API, or overwriting the prototype of a "primordial" like `String` or `Object`, or doing some other "clever" thing with the JavaScript environment. Sometimes the only way to fix these issues is to submit changes to those dependencies. Other times you may need to open issues on the SES repo itself.
The good news is that these fixes generally encourage better development practices all around and increase the security of your dependencies, so consider this a moment to ensure your plugin code has the highest possible hygiene.
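A rough pre-flight check for the failure modes described above, as an added example that is not part of this wiki or of SES: it approximates the locked-down environment with Node's `vm` module by freezing a handful of primordials in a fresh context with no host globals, then runs dependency source in strict mode. The `checkDependency` helper, the list of frozen primordials and the sample sources are all constructed for illustration.

```javascript
// Added example: approximates an SES-style lockdown; it is not SES itself.
// Node's vm module is a diagnostic aid here, not a security boundary.
const vm = typeof require === 'function'
  ? require('node:vm')
  : process.getBuiltinModule('node:vm');

// Primordials frozen in the test context (a small subset, chosen for illustration).
const FROZEN = ['Object', 'Function', 'Array', 'String', 'Number', 'Promise'];

// Hypothetical helper: run dependency source in a fresh context that has
// frozen primordials and no host globals, and classify the first failure.
function checkDependency(source) {
  const context = vm.createContext({});
  vm.runInContext(
    `for (const name of ${JSON.stringify(FROZEN)}) {
       Object.freeze(globalThis[name].prototype);
       Object.freeze(globalThis[name]);
     }`,
    context
  );
  try {
    // Strict mode matters: sloppy-mode writes to frozen objects fail silently.
    vm.runInContext(`'use strict';\n${source}`, context, { timeout: 1000 });
    return { ok: true, kind: null, message: null };
  } catch (err) {
    // Errors come from the other context, so compare by name, not instanceof.
    let kind = 'other';
    if (err.name === 'ReferenceError') kind = 'missing-global';
    else if (err.name === 'TypeError' &&
             /read only|not extensible/.test(err.message)) kind = 'primordial-write';
    return { ok: false, kind, message: err.message };
  }
}

// Constructed samples of the "clever" patterns the page describes.
const SAMPLES = {
  clean: `const add = (a, b) => a + b; add(1, 2);`,
  extendsString: `String.prototype.shout = function () { return this.toUpperCase(); };`,
  overridesInherited: `const o = {}; o.toString = () => 'custom';`,
  usesBrowserGlobal: `window.localStorage.getItem('token');`,
};

function auditSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLES).map(([name, src]) => [name, checkDependency(src).kind])
  );
}
```

The `overridesInherited` case is the one that most often surprises: the object itself is not frozen, but assigning over a name inherited from a frozen prototype still throws in strict mode.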