Critical vm2 sandbox bug lets attackers execute code on hosts
… The library attempts to isolate sandboxed code from the host system and block access to sensitive Node.js APIs like process and the filesystem. vm2 is widely used, with more than 1.3 million weekly downloads on the npm Node Package Manager , the default command-line package manager for Node.js. …