Custom JavaScript Interpreter/Parser?

Does anyone know of a simple library that allows me to limit what methods and functions that get parsed in from a custom JavaScript file.

Basically I want to make some sort of method that people can write valid JavaScript but get rid of certain security concerns that can be uploaded by users and attached to objects in a scene.

I don’t want to have to write up my own language all from scratch, but really am interested in this idea. All examples I can find are super overkill and was hoping someone knew of a good boilerplate solution for this.

Ideally id be able to expose certain babylon stuff but restrict other parts of it as well.

1 Like

I can’t offer a library as an answer.

But have you look into running an eval function inside a webworker?

You would need to build some sort of bridge between the two contexts.

I am doing this to create a programmable game without needing to use isolated-vm. Basically monaco-react → webworker → eval → message event → back to game

Do you have some code examples I could look at?

VM module for node.js
quickjs-emscripten for browsers

I would assume if anyone has done sth like that, then they operate on an Abstract Syntax Tree (AST). So maybe search for libraries that use an AST parser (like Acorn or so).

1 Like

I just started making my own language that looks and feels like JavaScript, but lets me control the scope access and every function that is available to the user.

Works pretty good so far, just need to finish object member chaining and wrap up simple logic operators.

Its seeming very promising as of right now.

You can do that in JavaScript :slight_smile:

Using “call” or “apply”

What are you building?

A simplified language that users will be able to program their own behaviors in without exposing security risks.

oh nice , is this is the tool babylon used just a while ago for a virtual meetup?

1 Like

Yeah! I am currently employed by them and letting people code their own stuff has been a high priority but tough to take up topic because of how dynamic of a problem it is.

1 Like

I’m on the same struggle with the flow graph :rofl:


Welp, I pulled it off!

The languages environment is complete sandboxed from everything, but inside its context you can teach it to have “NativeFunctions” that can access elements/methods inside the normal dom context (like window, fetch, babylon nodes etc). But before it gets passed back its sterilized so that no contextual leak happens.

Basically you define native methods like this:

and a user is able to do things like:

GetAllAssets()[0].position.x = 3;

This will allow scripting in runtime environments without causing security concerns.

here is the first script fully written and tested out:

const assets = GetAllAssets();
const asset = assets[0];
const speed = 1;
asset.position.x = 0;
function startBackForth(target){
    const delta = GetDeltaSeconds();
    target.position.x = target.position.x + delta * speed;
    (target.position.x <= 2.0);
        const delta = GetDeltaSeconds();
        target.position.x = target.position.x - delta * speed;
        (target.position.x >= 0 - 2);


I have not taught the interpreter about Unary Expressions yet (will do that soon) which us why -2 has to be defined as 0 - 2. It also does not care about return Expressions yet and just returns the last evaluated term in the function as the results.

Originally I did my own custom AST parser, but that is just overkill because libraries like acorn or seahorse handle things just fine. Next time if I had to do this id probably use s-evaluation instead of AST, but ehhh whatever. It would also be nice to have a call stack instead of recursive resolution. Ohh and to compile it to binary for extra speed… but this was my first go at a full fledged language and just having memberCalls/memberAssignments, classes, blocks, lambda functions etc makes it good enough to roll with for now. The idea was to keep it as close to JavaScript as possible but have complete control over the runtime evaluation.

I’m sure there are better ways to do this than make your own interpreter and some one will for sure have something to say about that, but you know what, I learned a lot, had a lot of fun and this is just the start so I am happy with the results.


So this is turning out to be a fully working solution, I have most modern JavaScript supported and am able to make full demos now.

We are have a simple frontend code editor and are moving forward on releasing this in FrameVR soon!