Skip to main content
Network access is deny-by-default. Enable it by setting useDefaultNetwork: true on the system driver and granting the network permission.

Quick setup

import { createNodeDriver, allowAllNetwork } from "secure-exec";

const driver = createNodeDriver({
  useDefaultNetwork: true,
  permissions: { network: allowAllNetwork },
});
The Node adapter supports fetch, DNS lookups, and low-level HTTP requests.

Network adapters

You can provide a custom adapter instead of using useDefaultNetwork: 
import { createNodeDriver, createDefaultNetworkAdapter } from "secure-exec";

const driver = createNodeDriver({
  networkAdapter: createDefaultNetworkAdapter(),
  permissions: { network: true },
});
FactoryEnvironmentCapabilities
createDefaultNetworkAdapter()Nodefetch, DNS, HTTP
createBrowserNetworkAdapter()Browserfetch only

NetworkAdapter interface

MethodReturnsDescription
fetch(url, options?)Promise<FetchResponse>HTTP fetch
dnsLookup(hostname)Promise<DnsResult>DNS resolution
httpRequest(url, options?)Promise<HttpResponse>Low-level HTTP request
httpServerListen?(options)Promise<{ address }>Start a loopback HTTP server
httpServerClose?(serverId)Promise<void>Close a loopback HTTP server

Permission gating

Use a function to filter requests: 
const driver = createNodeDriver({
  useDefaultNetwork: true,
  permissions: {
    network: (req) => {
      // Block internal services
      if (req.hostname.endsWith(".internal")) return false;
      // Block metadata endpoints
      if (req.hostname === "169.254.169.254") return false;
      return true;
    },
  },
});