Snaps execution environment
Snaps are untrusted JavaScript programs that execute safely in a sandboxed environment that runs
Secure ECMAScript (SES).
There's no DOM, no Node.js built-ins, and no platform-specific APIs other than MetaMask's wallet
global object.
Almost all standard JavaScript globals contained in
this list that
are also in Node.js are available as normal.
This includes globals such as Promise
, Error
, Math
, Set
, and Reflect
.
The following globals are also available:
console
crypto
fetch
(with theendowment:network-access
permission)setTimeout
/clearTimeout
setInterval
/clearInterval
SubtleCrypto
WebAssembly
(with theendowment:webassembly
permission)TextEncoder
/TextDecoder
atob
/btoa
URL
The execution environment is instrumented in this way to:
- Prevent snaps from influencing any other running code, including MetaMask itself. That is, prevent all snaps from polluting the global environment and malicious snaps from stealing the user's stuff.
- Prevent snaps from accessing sensitive JavaScript APIs (such as
fetch
) without permission. - Ensure that the execution environment is "fully virtualizable," that is, platform-independent.
This allows you to safely execute snaps anywhere, without the snap needing to worry about where and how it's executed.
Secure ECMAScript (SES)
Secure ECMAScript (SES), is a subset of the JavaScript language designed to enable mutually suspicious programs to execute in the same JavaScript process (or more accurately, the same realm). You can think of it as a more severe form of strict mode.