Skip to content
Lune

Security

When running Lune scripts, it’s important to know that any scripts you execute have full access to your device - this means access to your files, programs, and more. It is generally good to be cautious when running scripts from sources you don’t trust.

Here are some ways to run untrusted scripts more safely:

  1. Running Lune scripts in a custom sandboxed environment
  2. Using a containerized environment such as Docker
  3. Using a virtual machine

Sandboxing

Section titled “Sandboxing”

Lune provides a basic but functional sandboxing example. We’ll show you how to use it here, but for production use and proper security, using a container or virtual machine is highly recommended.

  1. Copy the sandbox module and save it as sandbox.luau.

  2. Place the untrusted script you want to run next to the sandbox.luau file.

    Terminal
    lune run sandbox.luau script.luau -- [ARGUMENTS_HERE]

    Replace script.luau and [ARGUMENTS_HERE] with the path to your script and any arguments you want to pass to it.

  3. As the script runs, any attempts to access potentially dangerous modules will require your approval before continuing. Any method calls within approved modules will be logged.

    The output from the sandbox script and the script being run will be clearly separated, so you can see what’s happening.