
es-eval

v0.6.0

Published

Run JavaScript safely

Downloads

16

Readme

es-eval

Evaluate JavaScript expressions safely. No more being afraid of what the users enter!

:game_die: Playground (pre-release version)

Installation

```sh
npm i es-eval
```

Usage

```js
// Simple expression
const esEval = require('es-eval');

const result = esEval('1 + 2');
console.log(result); // Output: 3
```

```js
// User values
const esEval = require('es-eval');

const result = esEval('1 + x', { x: 4 });
console.log(result); // Output: 5
```

Or more complex examples:

```js
// IIFE example
const esEval = require('es-eval');

const exp = `(() => {
  const out = [];

  const callback = () => {
    out.push('callback() called');
  };

  const main = function (param, cb) {
    out.push('main() started with param = "' + param + '"');
    cb();
    out.push('main() finished');
  };

  main('My value', callback);

  return out;
})()`;

console.log(esEval(exp));
// Output: [
//   'main() started with param = "My value"',
//   'callback() called',
//   'main() finished'
// ]
```

```js
// Hangup protection in infinite loop
const esEval = require('es-eval');

try {
  esEval(`(() => {
    while (true) {}
  })()`);
} catch (err) {
  console.log(err.message); // Output: 'Evaluation timeout'
}
```

Features

| Feature | Notes |
|---------|-------|
| Hangup protection | The execution of any user input is protected against intentional or unintentional hangups. Because the halting problem is mathematically proven to be undecidable, a hang cannot be computed automatically, so this protection is based on a configurable timeout. |
| Primitive values | `number`, `string`, `boolean` and `undefined` values. |
| Objects | `{ key: 'value' }`, `null`, built-in static methods: `Object.entries()`, `Object.keys()`, `Object.values()` |
| Arrays | `[1, 2, 3]`, built-in properties and methods: `length`, `push`, `pop`, `shift`, `unshift`, `slice`, `splice`, `forEach`, `map`, `filter`, `reduce`, `includes` |
| Arrow function expressions | `(x, y) => x + y` |
| Standard function expressions | `function () { return 'value'; }` |
| Closures | |
| Nested expressions | `(a < (b + 1) && a - (a < ([1, 2].map(x => 1 + x)).length))` |
| Callbacks | `cb => { cb(); return 1; }` |
| Mathematical operations | `+`, `-`, `/`, `*`, `%`, `**` |
| Comparators | `===`, `!==`, `==`, `!=`, `<`, `>`, `<=`, `>=` |
| Logical operations | `&&`, `\|\|`, `!` |
| Bitwise operations | `&`, `\|`, `^` |
| Ternary operator | `... ? ... : ...` |
| Nullish operator | `??` |
| Variables | `const` and `let` declarations. Assignments. |
| Conditional | `if` / `else` statement. |
| Loops | `while` statement. |
| JSON | `JSON.parse()` and `JSON.stringify()`. |
| Math | `Math.random()`, `Math.min()`, `Math.max()`, `Math.floor()`, `Math.ceil()` and `Math.round()`. |
| Spread operator (`...`) | Spread syntax for arrays, objects, and parameters. |
| Global functions | `parseFloat` and `parseInt`. |

Coming soon...

| Status | Feature | Notes |
|--------|---------|-------|
| :sweat: In Progress | `isNaN` | Determines whether a value is NaN. |
| :sweat: In Progress | `isFinite` | Determines whether a value is a finite number. |
| :sweat: In Progress | `for ... of` loop | Creates a loop iterating over iterable objects, including: built-in String and Array |
| :hourglass_flowing_sand: To-Do | `Array.from()` | Creates a copy of an iterable or array-like object. |
| :hourglass_flowing_sand: To-Do | `Array.isArray()` | Determines whether the passed value is an Array. |
| :hourglass_flowing_sand: To-Do | `Array.of()` | Creates an array from the arguments. |

Future features

:incoming_envelope: Vote on what's coming next! :bulb: Or suggest your ideas.

| Feature | Notes |
|---------|-------|
| Browser support | |
| `for in` loop | |
| `for (;;)` loop | |
| `do ... while` loop | |
| Destructuring | |
| And a lot more!... | |

How it works

  • It never executes user code by passing it to the JS engine (no eval(), no new Function(...), no vm, no other third-party engines), which is what keeps the evaluation safe.
  • No access to require/import modules.
  • No access to OS features like file system, network, etc.
  • No access to global objects.
  • All user code is parsed to an AST and analyzed step by step, with the code statements and functions represented by the library's own components. No native functions are created from the user input.
  • All access to global objects is emulated and there's no real access to natives.
  • Standard ECMAScript features are implemented and not delegated to the underlying engine.
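
The design described above, sketched as an added example (this is not es-eval's source code): an allow-list AST walker where unsupported syntax is rejected, identifiers resolve only against the evaluator's own scope, and every step checks a deadline. The node shapes follow ESTree and are hand-built here; the handler names, `evaluate`, `outcome` and the 50 ms default are assumptions of this sketch, and the timeout message mirrors the one shown in the usage example.

```javascript
// Added illustration, not es-eval source code. AST nodes are ESTree-shaped and hand-built
// (constructed input); a real evaluator would obtain them from a parser.
const HANDLERS = Object.assign(Object.create(null), {
  Literal: (n) => n.value,
  Identifier: (n, env) => {
    // Only names present in the evaluator's own scope resolve; no fallback to host globals.
    if (!(n.name in env.scope)) throw new Error(`${n.name} is not defined`);
    return env.scope[n.name];
  },
  BinaryExpression: (n, env) => {
    const left = run(n.left, env);
    const right = run(n.right, env);
    if (n.operator === '+') return left + right;
    if (n.operator === '<') return left < right;
    throw new Error(`Operator not supported: ${n.operator}`);
  },
  BlockStatement: (n, env) => { for (const stmt of n.body) run(stmt, env); },
  WhileStatement: (n, env) => { while (run(n.test, env)) run(n.body, env); },
});

function run(node, env) {
  // Hangup protection: the deadline is checked on every step, including each loop test.
  if (Date.now() > env.deadline) throw new Error('Evaluation timeout');
  const handler = HANDLERS[node.type];
  if (!handler) throw new Error(`Syntax not supported: ${node.type}`);
  return handler(node, env);
}

function evaluate(ast, context = {}, timeoutMs = 50) {
  // Prototype-less scope: "constructor" or "__proto__" do not resolve through inheritance.
  const scope = Object.assign(Object.create(null), context);
  return run(ast, { scope, deadline: Date.now() + timeoutMs });
}

// Returns the value, or the error message when evaluation is rejected.
function outcome(ast, context) {
  try { return evaluate(ast, context); } catch (err) { return err.message; }
}

const lit = (value) => ({ type: 'Literal', value });
const id = (name) => ({ type: 'Identifier', name });
const SUM = { type: 'BinaryExpression', operator: '+', left: lit(1), right: id('x') }; // 1 + x
const SPIN = { type: 'WhileStatement', test: lit(true), body: { type: 'BlockStatement', body: [] } }; // while (true) {}
const CALL = { type: 'CallExpression', callee: id('require'), arguments: [lit('fs')] }; // require('fs')

console.log([outcome(SUM, { x: 4 }), outcome(SPIN), outcome(id('process')), outcome(CALL)]);
```

Because the handler table and the scope both have no prototype, a node type or identifier named `constructor` is rejected like any other unknown name instead of reaching a host object.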

What is this for

:white_check_mark: Evaluate user input expressions safely

:white_check_mark: Easily provide a way to enter and evaluate custom conditions

:white_check_mark: Embed JS expressions in template engines

:white_check_mark: Parse custom JS functions once and evaluate them many times

:white_check_mark: Create expressions with context values, including objects and arrays

What is this NOT for

:no_entry: Create entire applications

:no_entry: Replace V8, or other JS engines