The JavaScript sandbox vm2 for Node.js was actually discontinued. Now an update closes a critical security vulnerability.