A recently revised JavaScript library now makes it possible to run untrusted JavaScript code, in either Node.js or a modern browser, via a sandboxed environment that provides a controlled way to determine its behavior.
Hostile code can be written in any language and JavaScript is no exception, whether it’s run in a Node.js instance or in a web browser. Often, the only way to determine how a piece of JavaScript will really behave is to run it and watch the results — preferably isolated inside a VM. But this isn’t always practical.