Snaps execution environment

Snaps are untrusted JavaScript programs that execute safely in a sandboxed environment that runs Secure ECMAScript (SES). This allows MetaMask to restrict access to global JavaScript APIs and to isolate a Snap's code from other parts of the application.

This environment does not have a DOM, Node.js built-ins, or platform-specific APIs other than the default snap global and MetaMask's ethereum global.

The execution environment is designed to:

• Prevent Snaps from polluting the global environment.
• Prevent malicious Snaps from stealing from users.
• Prevent Snaps from accessing sensitive JavaScript global APIs (such as fetch) without permission.
• Be "fully virtualizable," or platform-independent.

This allows you to safely execute Snaps anywhere, without the Snap needing to worry about where and how it's executed.

Supported globals

A Snap can access the Snaps API using the snap global, and the MetaMask JSON-RPC API using the ethereum global. To access the ethereum global, a Snap must request the endowment:ethereum-provider permission.

Almost all standard JavaScript globals that are also in Node.js are available to Snaps. This includes globals such as Promise, Error, Math, Set, and Reflect.

The following globals are also available:

• console
• fetch (with the endowment:network-access permission)
• setTimeout / clearTimeout
• setInterval / clearInterval
• SubtleCrypto
• WebAssembly (with the endowment:webassembly permission)
• TextEncoder / TextDecoder
• atob / btoa
• URL

note

To use Node.js built-in modules such as crypto and path, set the polyfills configuration option to true.

Secure ECMAScript (SES)

Secure ECMAScript (SES) is a subset of JavaScript designed to enable mutually suspicious programs to execute in the same JavaScript process (or the same realm). You can think of it as a more severe form of JavaScript strict mode.