ScrollLaunchpadJobsSearchBlog

Aditya Dhanraj

Mar 17, 2026 • 1 min read

How Coding Websites Run Your Code Safely: The Judge0 Story

Judge0 is a code execution engine for coding platforms (like LeetCode). You send code + language + input -> Judge0 compiles/runs it safely -> returns output, errors, time, memory, exit staus.

How Coding Websites Run Your Code Safely: The Judge0 Story

What Exactly Is Judge0?

  • Open-source service (you can self-host).

  • Provides REST API for:

    • run code

    • compile code

    • run with stdin

    • return stdout/stderr/time/memory/status

  • Supports many languages (C/C++, Java, Python, JS, Go, etc.).

  • Has community edition + hosted options.

So no, it is not a mysterious black box if self-hosted.
You can inspect code and control many settings.

How Judge0 Works Internally (Backend Flow)

When you call Judge0 API:

  1. Submission created

    • You POST code + language_id + optional stdin + limits.

  2. Saved to DB

    • Submission gets a token (id-like key).

  3. Queued

    • Job enters queue (Redis).

  4. Worker picks job

    • Background worker takes one pending submission.

  5. Sandbox run

    • Code runs in isolated environment (container + sandbox tools).

  6. Resource limits enforced

    • CPU time, wall time, memory, output size, processes, etc.

  7. Result stored

    • Status + stdout/stderr + compile output + metrics.

  8. You fetch result

    • Poll by token until status is Accepted / Runtime Error / etc.

How to Use in Code” (Typical Integration)

1) Backend sends submission

// Example with axios

const payload = {
source_code: "print(input())",
language_id: 71, // (example: Python 3 id may vary by image/version)
stdin: "hello"
};

const { data } = await axios.post(
"http://YOUR_JUDGE0_HOST/submissions?base64_encoded=false&wait=false",
payload
);

// data.token -> store this token

2) Poll for result

const { data } = await axios.get(
"http://YOUR_JUDGE0_HOST/submissions/${token}?base64_encoded=false"
);
data.status.id, data.stdout, data.stderr, data.compile_output, data.time, data.memory

3) In your app flow

  • frontend sends code to your backend

  • backend calls Judge0 (never expose secrets/internal endpoints directly if avoidable)

  • backend polls and returns final verdict to frontend

Resource Management (How Judge0 Prevents Abuse)

Judge0 enforces limits per submission:

  • time limit -> kills infinite loops

  • memory limit -> kills memory abuse

  • process/thread limit -> blocks fork bombs

  • output limits -> prevents huge stdout spam

  • optional network disable -> blocks internet misuse

  • isolated filesystem/runtime -> limits host access

This is why using a mature judge is much safer than DIY quick scripts.

Join Aditya on Peerlist!

Join amazing folks like Aditya and thousands of other builders on Peerlist.

peerlist.io/

It’s available... this username is available! 😃

Claim your username before it's too late!

This username is already taken, you’re a little late.😐

0

2

0