Hardened JavaScript Security
Build distributed and decentralized applications with an object capability security model, using OCapN and HardenedJS.
A distributed secure computing platform that enables safe execution of untrusted code through object capability security and hardened JavaScript environments.
Unlike traditional security approaches, Endo implements object capability security where authority is represented by unforgeable references to objects both locally and over a network.
Components only get the permissions they absolutely need.
Stretch object capability security between processes and peers, using a familiar, pipelinable, and transport-agnostic message passing notation based on promises.
Built on TC39 SES specification for secure JavaScript.
Our bundler seamlessly weaves old and new modules with a modern bundler, and executes them in isolated, HardenedJS compartments.
// Principle of Least Authority
// Enforce widely adopted best practices.
// E.g., forbid modification to Object.prototype.
import 'ses';
lockdown();
// Make a safe space.
const compartment = new Compartment();
// Grant some limited authority.
compartment.globalThis.request = () => {};
harden(compartment.globalThis);
compartment.evaluate(yourWorstNightmare);
// Object capabilities
const CounterShape = M.interface('Counter', {
incr: M.call().returns(M.number()),
});
export const counterExample = () => {
let counter = 0;
return makeExo('Counter', CounterShape, {
incr() {
counter += 1;
return counter;
},
});
};
const counter = makeCounter();
// Then, elsewhere:
await E(counter).incr();
// Standards-Based Hardening
import { makeCompartment } from 'endo';
const compartment = makeCompartment({
globals: { console },
transforms: [hardenTransform],
});
// Safe execution of untrusted code
const result = compartment.evaluate(`
// This code runs in isolation
const data = processUserInput(input);
return sanitize(data);
`);
// Support for CommonJS modules
$ bundle-source main.js > main-bundle.json
import { importBundle } from '@endo/import-bundle';
const namespace = await importBundle(bundle, {
endowments: harden({
request: () => {},
}),
});
Discover how Endo’s innovative approach enables safer, more reliable distributed computing
Fine-grained security through unforgeable object references, eliminating ambient authority.
Compartment, lockdown, and harden: all you need to maintain a secure perimeter while safely running arbitrary JavaScript programs.
Isolated code execution with controlled communication channels and limited authority.
Build distributed applications with secure message passing across network boundaries.
Create modular applications where components interact safely without compromising security.
Built on TC39 standards including SES and emerging JavaScript security specifications.
See how leading organizations use Endo to build secure, distributed applications
Secure plugin architecture using Endo's compartmentalization for safe third-party code execution.
Smart contract platform built on Endo's secure JavaScript execution for DeFi applications.
Reference implementation of the SES specification for hardened JavaScript environments.
I'm working on a core-eval that's essentially one 20 line function. With comments and such, 2415 bytes. But because it imports E, the bundle is 10x that size:…
Read conversation →While using SES, I’ve found it unclear which responsibilities fall on the developer. Since SES operates on a Trusted Compute Base (TCB), issues like out-of-memory (OOM) attacks, which…
Read conversation →Hello everyone, based on the release notes (from version 1.12.0) it seems that endo-ses doesn't throw a ReferenceError anymore when trying to access variables that don't exist but…
Read conversation →My understanding as to why html comments are censored is because they are confusing to the user, but not that they can't be confined. Is this correct? The…
Read conversation →Get involved in the community. Join the mailing list, listen in on a meeting, or request access to one of our online gatherings
Join our weekly community calls to stay connected with the Endo platform and the SES engineering effort. The Endo Sync focuses on project priorities, updates, and coordination across workstreams, while the SES Call dives into secure JavaScript patterns, experiments, and capability-based design. Open to all contributors, developers, and anyone interested in the evolution of secure, composable infrastructure.
A regular working session of ECMA TC39’s TG3 subgroup focused on JavaScript security. Participants collaborate on proposals, threat models, and mechanisms to strengthen the ECMAScript platform. Open to invited experts and contributors engaged in the secure evolution of the language.
Join the growing community of developers building the next generation of secure, distributed applications with Endo’s revolutionary security model.
