
Secure Node.js Execution Without a Sandbox
A lightweight library for secure Node.js execution.
No containers, no VMs — just npm-compatible sandboxing out of the box.
Powered by the same tech as Cloudflare Workers.
Give your AI agent secure code execution
Expose secure-exec as a tool with the Vercel AI SDK. Your agent can execute arbitrary code without risking your infrastructure.
import { generateText, tool } from "ai";
import { anthropic } from "@ai-sdk/anthropic";
import { NodeRuntime, createNodeDriver, createNodeRuntimeDriverFactory } from "secure-exec";
import { z } from "zod";

// Create a sandboxed runtime
const runtime = new NodeRuntime({
  // Permissions granted to the sandboxed code (here: filesystem and network)
  systemDriver: createNodeDriver({ permissions: { fs: true, network: true } }),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  // Resource limits for each execution
  memoryLimit: 64,
  cpuTimeLimitMs: 5000,
});

// Expose as an AI SDK tool
const result = await generateText({
  model: anthropic("claude-sonnet-4-20250514"),
  tools: {
    execute: tool({
      description: "Run JavaScript in a secure sandbox",
      parameters: z.object({ code: z.string() }),
      execute: async ({ code }) => {
        // Collect the sandbox's stdio output and return it with the exit code
        const logs: string[] = [];
        const res = await runtime.exec(code, {
          onStdio: (e) => logs.push(e.message),
        });
        return { exitCode: res.code, output: logs.join("\n") };
      },
    }),
  },
  prompt: "Calculate the first 20 fibonacci numbers",
});

Why Secure Exec
No infrastructure required
No Docker daemon, no hypervisor, no orchestrator. Runs anywhere Node.js, Bun, or an HTML5 browser runs. Deploy to Lambda, a VPS, or a static site — your existing deployment works.
Node.js & npm compatibility
fs, child_process, http, dns, process, os — bridged to real host capabilities, not stubbed. Run Express, Hono, Next.js, and any npm package.
Built for AI agents
Give your AI agent the ability to write and run code safely. Works with the Vercel AI SDK, LangChain, and any tool-use framework.
Deny-by-default permissions
Filesystem, network, child processes, and env vars are all blocked unless explicitly allowed. Permissions are composable functions — grant read but not write, allow fetch but block spawn.
Configurable resource limits
CPU time budgets and memory caps. Runaway code is terminated deterministically with exit code 124 — no OOM crashes, no infinite loops, no host exhaustion.
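The tool snippet above pushes every onStdio message into an array that lives in the host process rather than in the sandboxed code. As an added example (not Secure Exec's own code; the interfaces and helper names are assumptions modeled on the snippet's runtime.exec, onStdio, e.message and res.code), this caps what the host keeps and reports exit code 124 to the agent as a limit hit:

```typescript
// Added example. The event/result shapes are assumed from the page's snippet
// (runtime.exec(code, { onStdio }), e.message, res.code); all names are hypothetical.
interface StdioEvent { message: string }
interface ExecRuntime {
  exec(code: string, opts: { onStdio: (e: StdioEvent) => void }): Promise<{ code: number }>;
}

// Exit code the page gives for runaway code terminated by a resource limit.
const LIMIT_EXIT_CODE = 124;

// Collects sandbox output on the host, but never keeps more than maxChars.
function createBoundedSink(maxChars: number) {
  const chunks: string[] = [];
  let used = 0;          // characters kept so far, counting one separator per message
  let truncated = false; // true once any output has been cut or dropped
  return {
    onStdio(e: StdioEvent): void {
      const room = maxChars - used;
      if (room <= 0) { truncated = true; return; }
      const piece = e.message.slice(0, room);
      if (piece.length < e.message.length) truncated = true;
      chunks.push(piece);
      used += piece.length + 1; // +1 so a flood of empty messages still hits the cap
    },
    toToolResult(exitCode: number) {
      return {
        exitCode,
        limitExceeded: exitCode === LIMIT_EXIT_CODE,
        truncated,
        output: chunks.join("\n"),
      };
    },
  };
}

// Drop-in body for the tool's execute callback.
async function execBounded(runtime: ExecRuntime, code: string, maxChars = 8192) {
  const sink = createBoundedSink(maxChars);
  const res = await runtime.exec(code, { onStdio: sink.onStdio });
  return sink.toToolResult(res.code);
}
```

Returning `limitExceeded` and `truncated` as separate fields lets the agent tell a terminated run from one that finished with clipped output.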
Powered by V8 isolates
The same isolation primitive behind Cloudflare Workers for Platforms and every browser tab. Battle-tested at scale by the infrastructure you already trust.
Benchmarks
V8 isolates vs. container-based sandboxes.
Cold start (lower is better): Time to interactive (TTI). Sandbox values use the fastest provider — e2b (best median) from ComputeSDK as of March 2026. Secure Exec measured over 100 iterations × 100 samples.
Memory per instance (lower is better): Secure Exec memory is the converged at-scale average per execution. Sandbox value uses the smallest minimum among popular providers (e2b, Daytona, Modal, Cloudflare) as of March 2026 — 256 MB for Modal and Cloudflare.
Cost per execution-second (lower is better): Sandbox value uses the cheapest provider — Cloudflare Containers (256 MB min, billed per second at $0.0000025/GiB·s) as of March 2026. Secure Exec: 3.4 MB baseline (p95) with 30% empty capacity assumed across self-hosted hardware tiers.
Sandbox provider numbers based on published documentation and benchmarks. Secure Exec measured on Intel i7-12700KF, Node.js v24.
Secure Exec vs. Sandboxes
Same isolation guarantees, without the infrastructure overhead.

For those about to execute, we salute you.
Install Secure Exec, create a runtime, and execute untrusted code. All in a few lines of TypeScript.
