Skip to main content

Snaps execution environment

Snaps are untrusted JavaScript programs that execute safely in a sandboxed environment that runs Secure ECMAScript (SES). There's no DOM, no Node.js built-ins, and no platform-specific APIs other than MetaMask's wallet global object. Almost all standard JavaScript globals contained in this list that are also in Node.js are available as normal. This includes globals such as Promise, Error, Math, Set, and Reflect.

The following globals are also available:

  • console
  • crypto
  • fetch / WebSocket (with the appropriate permission)
  • setTimeout / clearTimeout
  • setInterval / clearInterval
  • SubtleCrypto
  • WebAssembly
  • TextEncoder / TextDecoder
  • atob / btoa
  • URL

The execution environment is instrumented in this way to:

  1. Prevent snaps from influencing any other running code, including MetaMask itself. That is, prevent all snaps from polluting the global environment and malicious snaps from stealing the user's stuff.
  2. Prevent snaps from accessing sensitive JavaScript APIs (such as fetch) without permission.
  3. Ensure that the execution environment is "fully virtualizable," that is, platform-independent.

This allows you to safely execute snaps anywhere, without the snap needing to worry about where and how it's executed.

Secure ECMAScript (SES)

Secure ECMAScript (SES), is a subset of the JavaScript language designed to enable mutually suspicious programs to execute in the same JavaScript process (or more accurately, the same realm). You can think of it as a more severe form of strict mode.