I took a quick look and here's what I've gathered.
This thing gives the impression that user code is pre-emptible (it really just forks the process under the hood), whereas using vm naively risks blocking your process (infinite loop in user code will gimp the server).
There's also some pseudo-console.log hack to allow communication from user code to the outside world.
Even so, I don't see the point of this either. vm + forked child process will do the same thing, it's much more versatile, and if you're working a use-case where running untrusted code is necessary, you're probably good enough with Node to cook up this kind of solution in no more than a few minutes.
This thing gives the impression that user code is pre-emptible (it really just forks the process under the hood), whereas using vm naively risks blocking your process (infinite loop in user code will gimp the server).
There's also some pseudo-console.log hack to allow communication from user code to the outside world.
Even so, I don't see the point of this either. vm + forked child process will do the same thing, it's much more versatile, and if you're working a use-case where running untrusted code is necessary, you're probably good enough with Node to cook up this kind of solution in no more than a few minutes.