node.js and generating modules at/during runtime

Question

node.js and generating modules at/during runtime

I'm currently working on a node.js project that requires generating and altering objects in memory at and during runtime. I know this sounds confusing, so here's an example.

Monday 10am:

var PI = Math.PI;

exports.area = function (r) {
   return PI * r * r;
};

Monday 11am:

var PI = Math.PI;
var minSize = 10;

exports.area = function (r) {
   if (r >= minSize) {
      return PI * r * r;
   } else {
      return "Error: Minimum size not met.";
   }
};

Monday 12noon:

var PI = Math.PI;
var minSize = 10;
var msg = "Error: Minimum size of " + minSize + "not met.";    

exports.area = function (r) {
   if (r >= minSize) {
      return PI * r * r;
   } else {
      return msg;
   }
};

Tuesday 10am:

var PI = Math.PI;
var minSize = 15;
var error['eng'] = "Error: Minimum size of " + minSize + "not met.";    
var error['chn'] = "錯誤：不符合最小尺寸:" + minSize + "。"    

exports.area = function (r) {
   if (r >= minSize) {
      return PI * r * r;
   } else {
      return error;
   }
};

exports.circumference = function (r) {
   if (r >= minSize) {
      return 2 * PI * r;
   } else {
      return error;
   }
};

This is a bit of a contrived example, because most of the changes could avoided with proper planning, I know, but it sort of goes to illustrate the point. This module kept changing in both variables and functions, expanding while the server is running.

Here are the restrictions I have:

Use Prototypal Inheritance (no keyword "new")
Changes take effect at the next call of the function
Changes include addition of new variables and functions
Changes need to be saved for server restarts
Cannot use eval()

I've thought of two possible strategies:

Using .prototype, continue to add/change functions and variables.
- Pros: Able to do it as the server is running
- Cons: I'm not sure how to save it to file. As far as I know, I cannot save functions to file without using eval() in some way
Editing the files directly and reloading them through something like node-supervisor.
- Pros: Changes would be saved over, versions could be saved and reverted back to
- Cons: I think editing the files directly would more or less have the same consequence using eval(), ie, if someone sneaks something malicious the system could break.

That's all I can think of right now. Would appreciate any opinions or options in this area.

javascript
node.js
module
runtime
dynamically-generated

Answer 1

For future reference:

node.js' vm module has several runInContext() functions that will effectively sandbox the execution and prevent access to variables outside its scope. There is a blog entry here that discusses the difference between the different versions, with benchmarks available
There is also a sandbox module available for node.js
The disadvantage of running things in a sandbox is that the execution is a lot slower

Conclusion: It's not impossible to store functions and execute them safely within the confines of a sandbox, it's just not very practical.

Alternate Solution: If the functions themselves are not too complex, it's not impossible to store the calls in the form of a DSL and parse them back out after.