The vm, or Virtual Machine, module allows you to run arbitrary chunks of code and get a result back. It has a number of features that allow you to change the context in which the code runs. This can be useful to act as a kind of faux sandbox. However, the code is still running in the same Node process, so you should be cautious. vm is similar to eval(), but offers some more features and a better API for managing code. It doesn’t have the ability to interact with the local scope in the way that eval() does, however.

There are two ways to run code with vm. Running the code “inline” is similar to using eval(). The second way is to precompile the code into a vm.Script object. Let’s have a look at Example 5-40, which demonstrates running code inline using vm.

> var vm = require('vm');
> vm.runInThisContext("1+1");
2

So far, vm looks a lot like eval(). We pass some code to it, and we get a result back. However, vm doesn’t interact with local scope in the same way that eval() does. Code run with eval() will behave as if it were truly inline and replaces the eval() method call. But calls to vm methods will not interact with the local scope. So eval() can change the surrounding context, whereas vm cannot, as shown in Example 5-41.

> var vm = require('vm'), ... e = 0, ... v = 0; > eval(e=e+1); 1 > e 1 > vm.runInThisContext('v=v+1'); ReferenceError: v is not defined at evalmachine.<anonymous>:1:1 ...