We recently had to solve the challenge of executing untrusted code (from users and 3rd-party extension developers) and eventually ended up with this fast and completely stateless service at which we can throw any script and context with nothing more than a simple request.<p>Not only can get the result back (whatever the script returns), but also allow for outbound requests via a custom fetch implementation, which further allows scripts for making pre-authenticated requests to our own product API, but also to those of other products people have linked to their account. All without exposing the actual access tokens, or course.<p>Would anyone be interested in using such a service? And for those who already solved this themselves, what's your way of running untrusted code (from users or extension developers) in a fast & secure manner?