Package Exports
- es-eval
- es-eval/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (es-eval) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
es-eval
Evaluate JavaScript expressions safely. No more being afraid of what the users enter!
Installation
npm i es-evalUsage
const esEval = require('es-eval');
const result = esEval('1 + 2');
console.log(result); // Output: 3Or a more complex example:
// IIFE example
const exp = `(() => {
const out = [];
const callback = () => {
out.push('callback() called');
};
const main = function (param, cb) {
out.push('main() started with param = "' + param + '"');
cb();
out.push('main() finished');
};
main('My value', callback);
return out;
})()`;
console.log(esEval(exp));
// Output: [
// 'main() called with My value',
// 'Callback called!',
// 'main() finished'
// ]Features
| Feature | Notes |
|---|---|
| Primitive values | number, string, boolean and undefined values. |
| Objects | { key: 'value' }, null |
| Arrays | [1, 2, 3] |
| Arrow function expressions | (x, y) => x + y |
| Standard function expressions | function () { return 'value'; } |
| Nested expressions | (a < (b + 1) && a - (a < ([1, 2].map(x => 1 + x)).length)) |
| Callbacks | |
| Mathematical operations | |
| Logical operations | |
| Bitwise operations | |
| Ternary operator | |
| Nullish operator | |
| Variables | const and let declarations. Assignments. |
Coming soon...
| Status | Feature | Notes |
|---|---|---|
| ✅ To Release | Hangup protection | The execution of any user inputs is protected against intentional or unintentional hangups. Since it is mathematically proven that the halting problem is undecidable, hence it cannot be automatically computed, this protection is based on a configurable timeout. |
| ✅ To Release | while loop |
The while statement. |
| ✅ To Release | Array.prototype.includes |
Array method to determine is an array includes a value. |
| 😓 In Progress | Array.prototype.filter |
Array method to filter elements with a user callback. |
| ⏳ To-Do | Spread operator (...) |
Spread syntax for arrays, objects, and parameters. |
| ⏳ To-Do | JSON global object |
Functionality to parse and serialize JSON (JSON.parse(...) and JSON.stringify(...)). |
| ⏳ To-Do | Object static methods |
Static functionality provided by Object class. |
| ⏳ To-Do | String.prototype.trim |
String trim method. |
| ⏳ To-Do | parseFloat |
Global function to convert a value into a floating point number. |
Future features
📨 Vote what's coming on! 💡 or Suggest your ideas.
| Feature | Notes |
|---|---|
| Browser support | |
for of loop |
|
for in loop |
|
for (;;) loop |
|
do ... while loop |
|
| And a lot more!... |
How it works?
- It never executes user code passing it to JS engine (no
eval(), nonew Function(...), novm, no other third party engines), making sure the evaluation is safe. - No access to require/import modules.
- No access to OS features like file system, network, etc.
- No access to global objects.
- All user code is parsed to an AST and analyzed step by step, representing the code statements and functions in own components. No native
functions are created with the user input. - All access to global objects is emulated and there's no real access to natives.
- All standard ECMAScript features are implemented and not delegated to the underlying engine.
What is this for
✅ Evaluate user input expressions safely
✅ Easily provide a way to enter and evaluate custom conditions
✅ Embed JS expressions in template engines
✅ Parse custom JS functions once and evaluate them many times
✅ Create expressions with context values, including objects and arrays
What is this NOT for
⛔ Create entire applications
⛔ Replace V8, or other JS engines