问题
- Is vm.runInNewContext considered black magic like
eval? - Is there a
significant performance difference between
requireand reading a file and usingvmto run it or is the the same under the hood (if you implemented caching etc and just wanted to add some variables to the context)
回答1:
runInNewContext is not meant to be used as a replacement of require or eval, but instead as a way to create a sandbox environment where you can safely run other scripts.
Disadvantages are that it's slow (creation takes ~10 ms.) and takes up a couple megabytes. So no, don't use it as a require replacement.
回答2:
If you check out the code that implements loading Modules in node.js, you'll see that require uses vm.runInNewContext or vm.runInThisContext under the hood. The require however, does some other extra things, like caching the module.
The node documentation shows how the behavior is similar and different between the vm commands and eval.
So, require, eval and vm are all a little bit different, but all can be used to load code. They all have similar security issues if you are loading arbitrary code that comes from the client.
来源:https://stackoverflow.com/questions/9867069/node-js-vm-runinnewcontext-vs-require-and-eval