I’m writing a Node app that allows users to execute arbitrary JavaScript code – sort of an “internal API” / business flow that extends beyond the regular UI.
I’m looking for a sandbox environment that offers the following:
- Separate execution without spawning an entirely new thread – this would be run by thousands of users, I’d prefer to stick with anonymous functions that have no access to the parent call stack… OR… in the event of threads… the ability to spawn across multiple servers.
- Syntax checking that throws Exceptions on parse/exec errors vs. crashing the entire app.
- The ability to disable functions/var access. I’m trying to prevent access to Node’s I/O… so a user can’t turn this into a DoS script or read /etc/passwd, but can run any native syntax and a list of pre-approved functions.
- Timeout control… so an execution ceiling can apply to while(true) do_intensive_stuff();, etc.
Any obvious choices spring to mind?
Google for ‘node js sandbox’ and you’ll get a few hits of projects of various age and maturity.
http://gf3.github.com/sandbox/ seems to be popular.
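The requirements listed in the question (parse errors as exceptions, an allow-list of functions, an execution ceiling), sketched with Node's built-in `vm` module. This is an added example, not part of the original posts and not code from the project linked above; `runUserScript`, `allowed` and `timeoutMs` are hypothetical names. Node's documentation states that `vm` is not a security mechanism, so for hostile users this logic belongs inside a separate process or container with OS-level limits.

```javascript
const vm = require('node:vm');

// Hypothetical helper: runs one user script and always returns a result
// object instead of throwing, so a bad script cannot crash the host app.
function runUserScript(source, allowed = {}, timeoutMs = 100) {
  let script;
  try {
    // Compilation happens here, so syntax errors surface as exceptions
    // before any user code executes.
    script = new vm.Script(source, { filename: 'user-script.js' });
  } catch (err) {
    return { ok: false, stage: 'parse', error: err.message };
  }

  // Null-prototype global object: only the names in `allowed` are defined.
  // require, process and fs are simply absent from the script's globals.
  const sandbox = Object.assign(Object.create(null), allowed);
  const context = vm.createContext(sandbox, {
    // Make eval() and new Function() throw inside the context.
    codeGeneration: { strings: false, wasm: false },
  });

  try {
    // `timeout` interrupts synchronous loops such as while (true) {}.
    const value = script.runInContext(context, { timeout: timeoutMs });
    return { ok: true, value };
  } catch (err) {
    const stage =
      err.code === 'ERR_SCRIPT_EXECUTION_TIMEOUT' ? 'timeout' : 'runtime';
    return { ok: false, stage, error: err.message };
  }
}

// Constructed sample scripts, one per requirement in the question.
const samples = [
  ['add(2, 3) * 2', { add: (a, b) => a + b }], // pre-approved function
  ['function (', {}],                          // syntax error
  ['require("fs")', {}],                       // Node I/O is not defined
  ['while (true) {}', {}],                     // runaway loop
];
for (const [src, allowed] of samples) {
  console.log(JSON.stringify(src), '->', runUserScript(src, allowed, 50));
}
```

The timeout only covers synchronous execution of the script itself; memory use and work scheduled through any host function you expose are not bounded by it.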