How effective is this as a sandbox, are there any know (security) tradeoffs? I was using QuickJS for my previous projects but I'm wondering if yours is a better solution (it's certainly more performant).
Yes, it’s running in a web worker. It still has access to the browser, so running code in the worker has the same privileges as regular workers. The only communication with the main thread is via socket messages.