Skip to content
Lune

Security

When running Lune scripts, it is important to note that any scripts you execute have full access to your device - this means access to your files, programs, and more. It is important to stay cautious when executing a script from a source you don’t trust.

Some alternatives to solving this problem are:

  1. Running Lune scripts in a custom sandboxed environment.
  2. Using a containerized environment such as Docker.
  3. Using a virtual machine.

Sandboxing

Section titled “Sandboxing”

Lune provides a rudimentary, albeit working sandboxing example. We provide steps to use it here, but for proper security & deployments, using a container or a virtual machine is highly recommended.

  1. Copy the sandbox module and place it in a file named sandbox.luau.

  2. Now, place the untrusted script you want to run safely next to the sandbox.luau script.

    Terminal
    lune run sandbox.luau script.luau -- [ARGUMENTS_HERE]

    Replace script.luau and [ARGUMENTS_HERE] with the path to the script and the arguments to run it with.

  3. As the script runs, any requires to potentially dangerous modules will require your approval before continuing and any invocations to methods within approved modules will be logged.

    Additionally, the output of the sandbox script and the script being run will be separated.