You can prevent some NODEjs modules to be loaded in your JHS scripts
There are two nodejs modules that you are not allowed to require (they are banned by default) in a JHS script: These are: require ('vm') and require ('jhs'). In addition, you can ban other modules too, by adding a list of names of modules to be banned in the options JSON, when you are creating a JHS instance in your server script.
const JHS = new JHS().instance;
const options = {banned_require:['xx-node','lib-y','alt-z']};
const execjhs = new JHS(options);in this example, node modules (even installed globally or locally in your project) 'xx-node','lib-y','alt-z' (along with 'vm' and 'jhs') are banned in the server. That means, you require any of them in your JHS script, a server error will be thrown (sent) when a webpage (dynamically generated by that JHS script) were requested .
Example: Assume the above list of banned modules is passed to your server. Then, the following JHS script, that you call 'e-1.jhs', will yield an error in the generated webpage:
<?jhs
const liby = require('lib-y')
?>
<!DOCTYPE html>
<html><head><meta charset="utf-8"></head>
<body>
<div style="text-align:center;">
<h1><?jhs echo(liby()) ?></h1>
</div>
</body>
</html>the resulted webpage will be:
<html><head></head>
<body>
{error:true, file:'e-1.jhs', banned_require:'lib-y'};
</body>
</html>the error page will be displayed even the alleged function 'liby()' is not called.
const JHS = require('node-jhs').instantiator;
const options = {levels:3, banned_require:['xx-node','lib-y','alt-z']};
const execjhs = new JHS(options);In this case those modules will be banned in all levels
const JHS = require('node-jhs').instantiator;
const options = {levels:3};
const execjhs = new JHS(options);
execjhs.banModules(2,['xx-node','lib-y','alt-z']);In this case those modules will be banned only in level #2 namespace.