Snaps execution environment
Snaps are untrusted JavaScript programs that execute safely in a sandboxed environment that runs Secure ECMAScript (SES). This allows MetaMask to restrict access to global JavaScript APIs and to isolate a Snap's code from other parts of the application.
This environment does not have a DOM, Node.js built-ins, or platform-specific APIs other than the
default snap
global and MetaMask's ethereum
global.
The execution environment is designed to:
- Prevent Snaps from polluting the global environment.
- Prevent malicious Snaps from stealing from users.
- Prevent Snaps from accessing sensitive JavaScript global APIs (such as
fetch
) without permission. - Be "fully virtualizable," or platform-independent.
This allows you to safely execute Snaps anywhere, without the Snap needing to worry about where and how it's executed.
Supported globals
A Snap can access the Snaps API using the snap
global, and the
MetaMask JSON-RPC API using the ethereum
global.
To access the ethereum
global, a Snap must request the
endowment:ethereum-provider
permission.
Almost all
standard JavaScript globals
that are also in Node.js are available to Snaps.
This includes globals such as Promise
, Error
, Math
, Set
, and Reflect
.
The following globals are also available:
console
fetch
(with theendowment:network-access
permission)setTimeout
/clearTimeout
setInterval
/clearInterval
SubtleCrypto
WebAssembly
(with theendowment:webassembly
permission)TextEncoder
/TextDecoder
atob
/btoa
URL
To use Node.js built-in modules such as crypto
and path
, set the
polyfills
configuration option to true
.
Secure ECMAScript (SES)
Secure ECMAScript (SES) is a subset of JavaScript designed to enable mutually suspicious programs to execute in the same JavaScript process (or the same realm). You can think of it as a more severe form of JavaScript strict mode.