# Unsupported APIs And Runtime Limits This document is generated from [docs/compat/nodejs.json](./nodejs.json) plus the runtime boundary list in [scripts/generate-compat-doc.mjs](../../scripts/generate-compat-doc.mjs). Do not edit this file by hand; update the matrix or generator and run `npm run compat:docs`. OpenContainers runs inside the browser security model. APIs that require native OS privileges, host-process access, raw external sockets, or direct host app access must fail with clear OpenContainers errors instead of silently escaping the sandbox. ## Core Module Unsupported Operations | Module | Current | Error Code | Probe | Limitation | | --- | --- | --- | --- | --- | | `node:net` | `partial` | `ERR_OPENCONTAINERS_NET_UNSUPPORTED` | `require('node:net')._createServerHandle('127.0.0.1', 4321, 4)` | Virtual loopback TCP supports constructor sockets, Node-shaped public export order and BlockList/SocketAddress accessor descriptors, Socket/Server/createServer/private helper names/arities, Server Symbol.asyncDispose descriptor/idle close behavior, and exported helper own-prototype metadata, Stream aliasing, native-shaped Socket prototype control/accessor rows, fresh-socket state, accepted server sockets as net.Socket instances, legacy argument normalization probes, missing connect target validation, Node-shaped bad port validation, common socket state fields, paused reads, allowHalfOpen readOnly/writeOnly lifecycle with delayed peer writes, timeouts, chainable socket controls, Node-shaped BlockList/SocketAddress static guards, accessors, native-aligned SocketAddress parse/port/address/family/flowlabel validation, JSON probes, and auto-select-family defaults; external raw TCP and native libuv server handles are blocked. | | `node:child_process` | `partial` | `ERR_OPENCONTAINERS_CHILD_PROCESS_UNSUPPORTED` | `require('node:child_process')._forkChild()` | Virtual child process execution is supported for OpenContainers commands, including Node-shaped CommonJS export order/helper arities/helper own prototypes, spawn/exec/execFile sync and async helpers, spawn event plus spawnfile/spawnargs/stdio metadata, shell mode, sync stdin input, sync and async encoding buffer results, sync maxBuffer validation/ENOBUFS results, sync timeout validation/ETIMEDOUT results, sync missing executable ENOENT result/error shape, async missing executable ENOENT event/callback shape, shell command-not-found status 127 behavior, async per-stream maxBuffer validation/ERR_CHILD_PROCESS_STDIO_MAXBUFFER results, async timeout kill semantics, AbortSignal cancellation with Node-shaped AbortError events, fork JSON IPC, and ChildProcess package-probe constructors, writable ChildProcess constructor prototype descriptor, prototype metadata, and Symbol.dispose descriptor/kill-call parity. Host OS processes, direct ChildProcess.spawn, child_process._forkChild, and IPC handle/fd passing are unsupported. | | `node:cluster` | `partial` | `ERR_OPENCONTAINERS_CLUSTER_IPC_UNSUPPORTED` | `new (require('node:cluster').Worker)().send({})` | Virtual cluster workers can fork the current OpenContainers entrypoint and emit lifecycle events with Node-shaped CommonJS export order, module EventEmitter metadata without leaking the internal OpenContainers event storage symbol, and Worker callable constructor/prototype plus method prototype metadata, and native-shaped setup/fork/disconnect helper function metadata; IPC, handle passing, shared server handles, and real multi-process OS semantics remain unsupported. | | `node:crypto` | `partial` | `ERR_OPENCONTAINERS_CRYPTO_UNSUPPORTED` | `const crypto = require('node:crypto'); const params = { message: Buffer.from('password'), nonce: Buffer.alloc(16), parallelism: 1, tagLength: 32, memory: 1024, passes: 1 }; crypto.argon2Sync('argon2id', params)` | Common hash algorithms including MD5/SHA with buffer digest output, native-ordered getHashes/getCurves discovery-list probes, random UUID v4/v7 helpers, Node-shaped randomBytes/randomInt/randomFill validation, native-shaped CommonJS export order, native-shaped descriptor, browser-safe prime check/generation probes, OpenSSL/FIPS helper validation, random/helper own-prototype metadata, and function/prototype metadata for constants/WebCrypto/legacy random aliases/timingSafeEqual/common helpers, stable OpenSSL option/version/cipher-list constants including native-shaped defaultCipherList accessor-to-data assignment metadata plus TLS protocol aliases and RSA/DH/engine/point-conversion constants, getRandomValues, HMAC, AES-CBC/CTR/GCM, PBKDF2/HKDF/scrypt KDFs, WebCrypto, OpenSSL engine/FIPS probes, Node-shaped Hash/Hmac deprecated public constructor names, callable Hash/Hmac direct constructors, and Cipheriv/Decipheriv constructors, callable Certificate constructor with native-shaped static/prototype descriptor metadata and malformed-SPKAC fallbacks, X509Certificate metadata, public/private key probes, and constructable/writable asymmetric package probes are present; native OpenSSL coverage, Argon2, and KEM encapsulation/decapsulation remain unsupported with stable errors and Node-shaped arities. | | `node:dgram` | `partial` | `ERR_OPENCONTAINERS_DGRAM_UNSUPPORTED` | `const socket = require('node:dgram').createSocket('udp4'); socket.addMembership('224.0.0.1')` | Virtual UDP loopback sockets support udp4/udp6 bind, connect, disconnect/remoteAddress lifecycle errors, message callbacks, send/sendto chunk-array delivery, connected offset/length send overloads, unconnected numeric string port sends and native-shaped ambiguous send overload validation, queue probes, buffer sizing, AbortSignal socket option close behavior, Node-shaped CommonJS export/prototype order, native-shaped public Socket own-prototype names, writable Socket prototype descriptor, callable Socket constructor no-op parity, socket option method metadata plus native-shaped own function prototype descriptors, async disposal, Node-shaped socket type/TTL/buffer-size validation errors, unbound setBroadcast/setTTL EBADF behavior, duplicate close errors, non-function close callback tolerance, and multicast argument validation before stable unsupported multicast failures; external UDP and multicast remain blocked by the browser security model. | | `node:http2` | `partial` | `ERR_OPENCONTAINERS_HTTP2_UNSUPPORTED` | `require('node:http2').createSecureServer()` | Virtual cleartext h2c sessions are supported for loopback server/client streams and createServer request/response handlers with native-shaped CommonJS export order, constants, helper metadata/own-prototype descriptors, sensitiveHeaders symbol, settings packing probes, exact Http2ServerRequest/Http2ServerResponse prototype order, inherited request stream helpers, response symbol descriptors, and response helper/accessor probes; secure HTTP/2, external HTTP/2, raw wire-level protocol negotiation, push streams, and performServerHandshake raw stream handoff remain unsupported with stable errors. | | `node:module` | `partial` | `ERR_OPENCONTAINERS_NATIVE_ADDON_UNSUPPORTED` | `require('node:fs').writeFileSync('/workspace/addon.node', ''); require('/workspace/addon.node')` | CommonJS helpers, default-free CommonJS export shape, native-shaped CommonJS export and own-property order including flushCompileCache no-own-prototype metadata, native-shaped builtinModules order, require-cache parity, require.extensions handlers, public require/resolve request validation, relative paths lookup behavior, and null-receiver Module.prototype.require fallback, createRequire filename validation, parent-aware Module._load, native-shaped public helper metadata/own-prototype shape including module.register arity, Module.wrapper/wrap probes, native-shaped Module.prototype method/accessor metadata including constructor and parent accessor own-prototype shape plus manual require/load/_compile probes, native-shaped private resolver hook arities and private helper metadata, private _stat/_readPackage accessors and package probes, native-shaped SourceMap prototype/accessor metadata including Symbol(kMappings) tuple-array probes plus simple VLQ findEntry/findOrigin mapping lookups, Node-shaped builtin metadata including node:-only test/sqlite modules, native-shaped transformed ESM builtin namespace order/descriptors/assignment probes, syncBuiltinESMExports mutation/delete refresh behavior for builtin namespaces, package self-reference exports, import.meta.resolve package exports/imports including pattern targets, package exports/imports pattern arrays, mixed package exports config validation, package imports target validation, require.resolve/_resolveFilename explicit lookup paths, virtual HOME/NODE_PATH-backed Module.globalPaths and _initPaths reset behavior, static ESM package imports/re-exports, default+namespace imports, and namespace re-exports using import-condition resolution, and declaration-order conditional targets with browser fallback, package lookup with native-shaped findPackageJSON argument and resolution validation, compile-cache cacheDir validation/source-map probes, stripTypeScriptTypes strip-mode validation/sourceURL trailers, synchronous registerHooks resolve/load execution for CommonJS require and dynamic ESM import, data: URL and parentURL-backed file module.register loader hooks for dynamic ESM import, and native-shaped registerHooks handle keys/descriptors/prototype metadata are shimmed, while native .node add-ons fail with a stable OpenContainers unsupported error; broader custom loader coverage remains partial. | | `node:process` | `partial` | `ERR_OPENCONTAINERS_PROCESS_UNSUPPORTED` | `require('node:process').execve('/missing', ['probe'], { PATH: '/bin' })` | Process metadata, native-shaped CommonJS export and own-property order, expanded native-ordered process.versions dependency keys/read-only descriptors, native-shaped process.features values/property descriptors plus allowedNodeEnvironmentFlags/finalization/exitCode and sourceMapsEnabled/stdin/stdout/stderr/report accessor descriptor metadata, sourceMapsEnabled/report non-constructable getters, node -e argv and bad-option normalization, launch-mode process._eval/preload/exiting probes, script-mode process.mainModule parity, pid/argv0/preload identity descriptor metadata, Node-shaped process toStringTag/EventEmitter metadata without leaking the internal OpenContainers event storage symbol, readonly public runtime metadata descriptors, native-shaped process diagnostic helper names/arities/prototype metadata, POSIX identity/mutation helper names/arities/prototype metadata, selected process helper names/arities/prototype metadata, hidden OpenContainers internal lifecycle helpers, process.loadEnvFile, Node-shaped process.env assignment/defineProperty string coercion, Node-like allowedNodeEnvironmentFlags, process.domain probes, feature probes, refable helpers, signal-0 process probes, current-process virtual signal listener delivery, unhandled SIGINT termination metadata, cpuUsage/threadCpuUsage previous-sample validation, report generation/exclusion flags, common helpers, umask parsing, chdir target validation/cwd preservation, common argument validation, native escape-hatch metadata/validation for browser-blocked execve/dlopen/binding/abort/debug helpers, and Node-shaped exitCode assignment validation/coercion are virtualized; host-native signals, uid/gid, host real cwd semantics, native dlopen/addons, process replacement, and host debugger controls are constrained. | | `node:tls` | `partial` | `ERR_OPENCONTAINERS_TLS_UNSUPPORTED` | `require('node:tls').connect(443, 'example.com')` | TLS API shape, Node-shaped CommonJS export order/descriptors without legacy createConnection/createSecurePair/parseCertString exports, connect argument validation, secure contexts, constructor/function arities, native constructor prototype descriptors, callable SecureContext/Server constructors, getCiphers no-own-prototype metadata and native ordered cipher-list parity, native DEFAULT_CIPHERS parity with crypto.constants.defaultCoreCipherList, constants, hostname identity checks, X509 certificate accessors, ALPN helpers, empty browser CA certificate helper stores, rootCertificates getter metadata, native-shaped TLSSocket/Server own-prototype metadata and prototype symbols, native-shaped TLSSocket/Server method-function own-prototype and constructability metadata, Server ticket-key Buffer copy/validation probes, unconnected TLSSocket cipher/protocol probes, inherited transport helper probes, and enumerable probe class methods are available; raw TLS sockets, OS certificate stores, and secure servers remain unavailable to browser JavaScript. | | `node:v8` | `partial` | `ERR_OPENCONTAINERS_V8_UNSUPPORTED` | `require('node:v8').getHeapSnapshot()` | Heap stats and C++ heap statistics expose the native Node v26 field set and object shapes with browser-safe approximate values, while serialize/deserialize, stable nonzero cached-data version tag, Node-shaped CommonJS export order, Serializer/Deserializer/GCProfiler constructor and prototype metadata, native-shaped Serializer._getDataCloneError function prototype metadata and selected Serializer/Deserializer method own-prototype metadata, no-op CPU/heap/GC profiler handles, GCProfiler Symbol.dispose metadata, helper arities, native-shaped helper own-prototype metadata, nested promiseHooks/startupSnapshot helper own-prototype metadata, promise hook no-op stop functions and callback validation, queryObjects validation, isStringOneByteRepresentation input validation, deserialize input validation, Deserializer constructor validation, raw-byte serializer validation, raw-byte length validation, direct SharedArrayBuffer serialization rejection while preserving SAB-backed typed-array serialization, releaseBuffer empty/consume semantics, ArrayBuffer transfer validation, heap snapshot option/path validation, and startupSnapshot shape use browser-safe OpenContainers approximations; native V8 snapshots and heap inspection remain unavailable. | | `node:inspector` | `partial` | `ERR_OPENCONTAINERS_INSPECTOR_UNSUPPORTED` | `require('node:inspector').open()` | Session constructor/prototype shape, hidden connection state, Node-shaped CommonJS export order/top-level function metadata, duplicate-connect, truthy non-function callback validation before connection checks, main-thread connectToMainThread rejection, Node-shaped event-silent manual disconnect, eventing, Runtime.evaluate/getProperties with native-shaped invalid-parameter and invalid remote object protocol errors, synthetic Profiler.start/stop CPU profiles, native-ordered, toStringTag-aligned no-op console and native-ordered Network/DOMStorage/NetworkResources namespace probes with native-shaped helper names/arities/prototype metadata, no-op domain enable/disable, and Schema.getDomains are present; the real browser inspector protocol is not exposed to sandboxed code. | | `node:inspector/promises` | `partial` | `ERR_OPENCONTAINERS_INSPECTOR_UNSUPPORTED` | `require('node:inspector/promises').open()` | Promise-based Session wraps the same browser-safe inspector subset as node:inspector, including Node-shaped CommonJS export order/top-level function metadata, native-shaped enumerable and constructable Session.post with own-prototype metadata, inherited connect/disconnect, duplicate-connect, truthy non-function callback validation before connection checks, main-thread connectToMainThread rejection, Node-shaped event-silent manual disconnect, Runtime.evaluate/getProperties with native-shaped invalid-parameter and invalid remote object protocol rejections, synthetic Profiler.start/stop CPU profiles, native-ordered, toStringTag-aligned no-op console and native-ordered Network/DOMStorage/NetworkResources namespace probes with native-shaped helper names/arities/prototype metadata, no-op domain probes, and Node-shaped promise rejection for unsupported commands; the real browser inspector protocol is not exposed to sandboxed code. | | `node:sea` | `stubbed` | `ERR_NOT_IN_SINGLE_EXECUTABLE_APPLICATION` | `require('node:sea').getAsset('missing')` | Single executable application probes are exposed with node:-only builtin metadata, native-shaped CommonJS export order, native accessor names/arities/own-prototype metadata, key and getAsset encoding argument validation with native-shaped received-value wording and coded String(error) output, and isSea() false; asset accessors throw Node's ERR_NOT_IN_SINGLE_EXECUTABLE_APPLICATION because OpenContainers is not packaged as a native SEA binary. | | `node:sqlite` | `stubbed` | `ERR_OPENCONTAINERS_SQLITE_UNSUPPORTED` | `new (require('node:sqlite').DatabaseSync)(':memory:').applyChangeset(new Uint8Array([1]))` | Exports constructible inert DatabaseSync plus non-constructible StatementSync and Session probe handles, backup, native-shaped extensible SQLite conflict/authorizer constants, default-free CommonJS export shape, and Node-shaped export/constant/prototype ordering and metadata including constructor prototype descriptors, no-new and illegal-constructor error codes, DatabaseSync path/options validation, open/close/isOpen state probes, anonymous DatabaseSync accessor metadata, limits metadata, createTagStore with non-exported SQLTagStore accessor/prototype shape, location() state and dbName validation, empty applyChangeset no-op behavior, validation-before-unsupported for SQL/changeset/backup helpers, backup option validation, backup Promise-return parity, backup/prototype-method own-prototype parity, and DatabaseSync/Session Symbol.dispose metadata with DatabaseSync close semantics; database operations, statement/session methods, backups, non-empty changesets, and SQLite execution throw ERR_OPENCONTAINERS_SQLITE_UNSUPPORTED until a WASM-backed adapter exists. | ## Runtime Boundary Errors | Area | Error Code | Behavior | | --- | --- | --- | | Native add-ons | `ERR_OPENCONTAINERS_NATIVE_ADDON_UNSUPPORTED` | Loading .node native add-ons is blocked. | | Native package adapters | `ERR_OPENCONTAINERS_NATIVE_MODULE_UNSUPPORTED` | Known native packages may install browser-safe adapters; unsupported native entrypoints throw. | | Raw external TCP | `ERR_OPENCONTAINERS_RAW_TCP_UNSUPPORTED` | Virtual loopback TCP is supported, but external raw sockets are unavailable to browser JavaScript. | | Host app origin | `ERR_OPENCONTAINERS_HOST_ORIGIN_BLOCKED` | Runtime fetch/http calls to the embedding app origin are blocked by default. | | External network permission | `ERR_OPENCONTAINERS_EXTERNAL_NETWORK_BLOCKED` | External browser fetch/http calls require an explicit external network permission. | | Browser network failure | `ERR_OPENCONTAINERS_EXTERNAL_FETCH_FAILED` | Browser CORS and network failures are surfaced as process/runtime errors. | | Child process permission | `ERR_OPENCONTAINERS_CHILD_PROCESS_PERMISSION` | Virtual child processes require the child-process permission gate. | | Native process APIs | `ERR_OPENCONTAINERS_PROCESS_UNSUPPORTED` | OS-level process operations such as uid/gid changes, dlopen, abort, and execve are unavailable. | | Crypto native/OpenSSL gaps | `ERR_OPENCONTAINERS_CRYPTO_UNSUPPORTED` | Browser-safe crypto subsets work; unsupported OpenSSL-style operations fail explicitly. | | Zlib browser gaps | `ERR_OPENCONTAINERS_ZLIB_UNSUPPORTED` | Compression APIs depend on available browser primitives or Node-backed test hosts. | | Synchronous zlib browser gaps | `ERR_OPENCONTAINERS_ZLIB_SYNC_UNSUPPORTED` | Synchronous compression helpers may be unavailable without a Node-backed host primitive. |