Home / Companies / Harper / Blog / Post Details
Content Deep Dive

Harper v5.0's Upgraded JavaScript Environment

Blog post from Harper

Post Details
Company
Date Published
Author
Kris Zyp
Word Count
1,332
Company Posts That Month
11
Language
English
Hacker News Points
-
Post removed?
No
Summary

Harper v5.0 introduces a revamped JavaScript execution environment that enhances both application-specific contexts and platform security. The update replaces the previous global execution context with Node.js's vm.SourceTextModule API, allowing each application to have its own isolated module graph and context. This separation improves security by mitigating risks like prototype pollution through freezing JavaScript intrinsics and controlling process spawning with an explicit allowlist. Additionally, it restricts unauthorized file access and limits the use of Node.js built-in modules through a specified allowlist. For compatibility, applications can revert to the old native module loader if necessary during migration. These changes address growing concerns over supply chain attacks within the npm ecosystem, aiming to protect against malicious packages and compromised dependencies while maintaining the full capability of Node.js. For enhanced isolation, Harper provides the option of using SES compartments for strict security needs, and the platform's infrastructure further supports security through Docker-based tenant separation.

Trends Found in this Post

No tracked trend matches for this post yet.

Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.