Start writing clear and structured server code with pure JavaScript. Stop using obsolete and slow script languages on your servers and get rid of confusing security concepts.

NeptunJS supports:

Keep your existing server

NeptunJS gives you the opportunity to keep your existing Apache Server. Include your scripts with CGI or call it from your command line. No special preparation or installation of your server is reqired. NeptunJS can also be used to manage tasks on your local pc since it is designed to be called by the command line.

Security Tokens

A main feature is the implemented security system to control all reading, writing and executing of any extern resources. Therefore all addins support security tokens, which are required to access data. Each token consists of an path, execution rights and a scheme. The following examples show how to use the system: You can pass security tokens via the -p parameter. You can pass the permission paramter multiple times to set different security tokens. The following parameters would therefore allow, read-only access to all subfolders and additional writing permission for the "user"-folder
"-pr|file|false|./" "-prw|file|true|./user/"
Since the "|"-Sign appears in der -p parameter make sure to quote the parameter as shown in the example above.

Run user code without security risks

Warning! - NeptunJS is designed for executing unknown code by controlling its access to the server functions. All permissions given to the script can increase the chance to break out of the given environment. Therefore you should not only rely on NeptunJS's protection mechanisms but secure your system by restricting the rights of the user running NeptunJS to the minimum amount needed. Especially execution rights should be used very carefully! By accidentally giving executions rights to the NeptunJS binary or any other code interpreter, scripts can break out of NeptunJS's secured environment.

Untrusted code

NeptunJS gives scripts the freedom to execute freely as long as no interaction with the system is made. If you are planning to run untrusted code with NeptunJS under an save environment here are a few tipps for a good system setup:
  1. Use the latest v8 version. The v8 engine is the part of NeptunJS running the script code itself. Because of its popularity and great developer community it is very unlikely that the engine contains dangerous bugs. Nevertheless it is highly recommended to compile NeptunJS with the latest v8 version possible. For more information see - How to build V8
  2. Do not use secret passwords in combination with external code. JavaScript allows the user to modify almost every class or variable. Therefore you should not use secret password or tokens if you aren't sure whether or not unknown code is executed. By overwriting login functions (for example SQL.connect() ) an attacker could easily intercept the given data.

Setup NeptunJS in 5 Minutes

Use NeptunJS with CGI

Getting started

We start with a simple script:
outputBuffer.write("Hello World");

Save this into a file and run it with the following command: neptunjs -utest -ptestpw helloworld.js
Work in progress ...


With the -t parameter you can enable tag-mode for NeptunJS. A script running in tag-mode interprets the file like normal text, unless you insert <?js ... ?> to create JavaScript taggs. This can be helpfull for scripts with high text ouput like websites or long texts.