Riza: a modern alternative to
isolated-vm & vm2
Isolated code execution via an HTTP API
Riza: a modern alternative to
Looking for a secure way to execute untrusted JavaScript or TypeScript code?
Projects like isolated-vm and vm2 used to be viable options, but they're now deprecated or in maintenance mode—and vm2 has critical security vulnerabilities.
Riza fills the gaps left by isolated-vm and vm2 . Riza is a modern code interpreter that offers a simple yet powerful solution for isolated code execution.
Why Riza?
Older solutions like isolated-vm and vm2 required complex setup and maintenance. You needed to manage the isolation environment, handle resource limits, and deal with security configurations.
Riza simplifies this by providing a managed service with a straightforward HTTP API.
Technical Comparison
| Feature | Riza | isolated-vm | vm2 |
|---|---|---|---|
| Security |
|
|
|
| Maintenance | Automatic updates and security patches provided by Riza | Requires regular manual updates to handle new V8 engines | ❌ Project is deprecated |
| Setup complexity |
|
|
|
| Runtime limits | 30 second execution limit | Configurable | Configurable |
| Language support | Executes JavaScript/TypeScript, Python, Ruby, & PHP | Executes JavaScript only | Executes JavaScript only |
Code Example Comparison
With isolated-vm:
import * as ivm from "isolated-vm";
const isolate = new ivm.Isolate({ memoryLimit: 128 });
const context = await isolate.createContext();
const jail = context.global;
await jail.set('global', jail.derefInto());
const script = await isolate.compileScript('console.log("Hello")');
await script.run(context);
With vm2:
import VM from "vm2";
const vm = new VM({
timeout: 1000,
sandbox: {}
});
vm.run('console.log("Hello")');
With Riza:
import Riza from "@riza-io/api";
const riza = new Riza();
const resp = await riza.command.exec({
language: "javascript",
code: 'console.log("Hello")'
});
How Riza Works
Using Riza is as simple as making an HTTP request:
- Send your code to Riza's Function Execution endpoint
- Riza executes it in a secure, isolated environment
- Receive the execution results
Key Features
HTTP-first design
No need to manage VMs or containers—just make an HTTP request
NPM package support
Use your favorite npm packages by creating custom runtimes
TypeScript support
Write your code in TypeScript or JavaScript
Secure by default
Every execution runs in its own isolated environment
Custom Runtimes
Need specific npm packages? Riza's custom runtimes let you define an environment with any npm dependencies. Create a runtime once, and use it for any number of code executions on Riza.
Security Without Compromise
Unlike VM-based solutions, Riza provides true isolation by executing your untrusted code in our cloud infrastructure. Each code execution runs in a completely separate environment, ensuring maximum security.
Try Riza Today
Ready to simplify your code execution needs? Visit our Hello World guide to get started. Contact us at hello@riza.io if you'd like to self-host Riza.