Skip to content

Add option to freeze intrinsics after applications are loaded#340

Merged
kriszyp merged 3 commits intomainfrom
freeze-after-load
Apr 14, 2026
Merged

Add option to freeze intrinsics after applications are loaded#340
kriszyp merged 3 commits intomainfrom
freeze-after-load

Conversation

@kriszyp
Copy link
Copy Markdown
Member

@kriszyp kriszyp commented Apr 12, 2026
edited
Loading

Most packages that modify intrinsics, do so when the module is loaded, not later at run time, which is when intrinsic modification is more likely to be a malicious (triggered by an exploit).
(I tested this with the reflect-metadata package which had caused errors for the host manager, and this avoids those errors).

@kriszyp kriszyp marked this pull request as ready for review April 12, 2026 19:27
@kriszyp kriszyp requested a review from a team as a code owner April 12, 2026 19:27
cb1kenobi
cb1kenobi approved these changes Apr 13, 2026
View reviewed changes
Comment thread resources/blob.ts
export function findBlobsInObject(object: any, callback: (blob: Blob) => void) {
if (object instanceof Blob) {
// eslint-disable-next-line
//
Copy link
Copy Markdown
Contributor

@cb1kenobi cb1kenobi Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blank line? Do we still need the @ts-ignore?

Comment thread security/jsLoader.ts
@kriszyp kriszyp merged commit ac4b4da into main Apr 14, 2026
20 of 22 checks passed
@kriszyp kriszyp deleted the freeze-after-load branch April 14, 2026 18:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cb1kenobi cb1kenobi cb1kenobi approved these changes

@DavidCockerill DavidCockerill DavidCockerill approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@kriszyp @cb1kenobi @DavidCockerill