playbooks

home / mcp / mcp javascript sandbox server

MCP Javascript Sandbox Server

Provides a secure QuickJS WASM sandbox to execute JavaScript via MCP and capture stdout and stderr.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "jlucaso1-mcp-javascript-sandbox": {
      "command": "node",
      "args": [
        "server.ts"
      ]
    }
  }
}

You can run JavaScript snippets securely in a sandboxed QuickJS WASM environment and access the output through the MCP protocol. This server exposes a single tool, run_javascript_code, and streams stdout and stderr back to you for easy integration with your MCP clients.

How to use

You connect to the server via an MCP client over stdio and invoke the run_javascript_code tool by sending a JavaScript code string. The server executes the code inside a QuickJS WASM sandbox and returns three pieces of information: the captured standard output, the captured standard error, and any runtime errors. This lets you safely run potentially untrusted code and observe exactly what it prints or reports as errors.

How to install

Prerequisites you need on your machine before starting:

  • Node.js v23.x or later is recommended for node:wasi compatibility
  • npm or yarn for dependency management
  • A local copy of the QuickJS WASM file qjs-wasi.wasm needs to be available alongside the server

Step-by-step setup commands you should run in order:

# 1) Install dependencies
npm install

# 2) Ensure the QuickJS WASM file is in the expected location
# (e.g., ./dist/qjs-wasi.wasm if your build places it there)

# 3) Start the server
node server.ts

Additional notes and considerations

Secure execution is achieved by running JavaScript code inside a WASI-enabled QuickJS sandbox. The server redirects stdout and stderr to files during execution and returns their contents to the MCP client. If an error occurs, you receive both runtime error information and the non-zero exit status when appropriate.

Environment and runtime details you might encounter: the server relies on a WASI-enabled runtime provided by Node.js and a pre-compiled WASM engine. Ensure the qjs-wasi.wasm file is available in the expected path relative to the server entry point, and that your Node.js version supports node:wasi for proper instantiation.

Tools exposed by the server

run_javascript_code: Executes a string of JavaScript within a sandboxed QuickJS WASM environment and returns stdout, stderr, and any execution errors to the MCP client.

Available tools

run_javascript_code

Executes a JavaScript snippet inside a sandboxed QuickJS WASM environment and returns stdout, stderr, and any runtime errors to the MCP client.