
JavaScript Sandbox

Bruno provides two modes for executing JavaScript code in your collections:

  1. Safe Mode
  2. Developer Mode

Bruno CLI v3.0.0 Update: When using Bruno CLI, the default mode is now Safe Mode. To use Developer Mode features in CLI, you must pass the --sandbox=developer flag. Learn more in the Bruno CLI documentation.

Safe Mode

JavaScript code is executed in a secure sandbox and cannot access your filesystem or execute system commands. We recommend Safe Mode for most users.

When in doubt, leave the Collection in Safe Mode. You can always switch to Developer Mode later.

Developer Mode

JavaScript code has access to the filesystem, can execute system commands and access sensitive information.

When to use Developer Mode

  • You trust the collection source/authors (e.g., a collection maintained by you or your team) and Safe Mode is not enough for your use case.
  • You need to use external npm packages in your scripts
  • Your collection needs access to filesystem / system commands

When to avoid Developer Mode

  • You are running a collection that you do not trust (e.g., one downloaded from the internet)

Developer Mode can be dangerous and should only be used when you fully understand the implications.

Detecting Sandbox Mode in Scripts

You can programmatically detect the current sandbox mode in your pre-request, post-request, and test scripts using the bru.isSafeMode() API.

Use Case: Some collections may require explicit Developer Mode features. By detecting the sandbox mode, you can log appropriate error messages or take alternative actions when the collection is run in Safe Mode.

Example:

// Check if running in Safe Mode
if (bru.isSafeMode()) {
  console.log('⚠️ This collection requires Developer Mode.');
  console.log('Please switch to Developer Mode to use filesystem and external packages.');
} else {
  console.log('✓ Running in Developer Mode - all features available.');
  // Proceed with Developer Mode features
  const fs = require('fs');
  // ... use filesystem operations
}

API Reference: See the complete documentation in JavaScript API Reference.
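The "take alternative actions" case from the use case above, as an added example that is not part of the original Bruno documentation: a guard that runs a Developer Mode action only when the sandbox allows it, falls back to a Safe Mode alternative if one is given, and otherwise stops the script with a named error. Only bru.isSafeMode() comes from this page; the function, class, stub objects, file path and variable name are hypothetical.

```javascript
// Added example, not Bruno's own code. Only bru.isSafeMode() is taken from the page;
// every other name in this block is hypothetical.

// Thrown when a Developer Mode feature is requested while the collection runs in Safe Mode.
class DeveloperModeRequiredError extends Error {
  constructor(feature) {
    super(`"${feature}" needs Developer Mode, but this collection is running in Safe Mode.`);
    this.name = 'DeveloperModeRequiredError';
    this.feature = feature;
  }
}

// Run devAction only in Developer Mode. devAction is a callback, so filesystem
// or npm access inside it is never evaluated while the sandbox is in Safe Mode.
// In Safe Mode, run safeFallback if one was supplied; otherwise throw so the
// script stops with a clear error instead of continuing half-configured.
function runWithSandboxGuard(bru, feature, devAction, safeFallback) {
  if (!bru.isSafeMode()) {
    return { mode: 'developer', value: devAction() };
  }
  if (typeof safeFallback === 'function') {
    return { mode: 'safe', value: safeFallback() };
  }
  throw new DeveloperModeRequiredError(feature);
}

// How a pre-request script might call it (hypothetical path and variable name):
//
//   const token = runWithSandboxGuard(
//     bru,
//     'read API token from disk',
//     () => require('fs').readFileSync('./secrets/token.txt', 'utf8').trim(),
//     () => bru.getEnvVar('API_TOKEN')
//   ).value;

// Constructed stand-ins for the `bru` object so the guard can be exercised outside Bruno.
const safeBru = { isSafeMode: () => true };
const devBru = { isSafeMode: () => false };
```

Omitting the fallback argument makes a Safe Mode run fail at the guarded step, which suits collections that cannot work without Developer Mode.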
