@agoric/evaluate - npm Package Compare versions

Comparing version 1.1.0 to 1.2.0

package.json

 {
   "name": "@agoric/evaluate",
-  "version": "1.1.0",
+  "version": "1.2.0",
   "description": "(unsafe) three-argument evaluator function",
@@ -28,3 +28,4 @@ "main": "src/main.js",
   },
-  "dependencies": { 
+  "dependencies": {
+    "@agoric/default-evaluate-options": "0.0.2",
     "esm": "^3.2.5"
@@ -31,0 +32,0 @@ },

src/index.js

@@ -0,4 +1,9 @@
+import makeDefaultEvaluateOptions from '@agoric/default-evaluate-options';
+
 // The evaluate maker, which curries the makerOptions.
 export const makeEvaluators = (makerOptions = {}) => {
-  const makeEvaluator = isExpr => (source, endowments = {}, options = {}) => {
+  // Evaluate any shims, globally!
+  (makerOptions.shims || []).forEach(shim => (1, eval)(shim));
+
+  const makeEvaluator = sourceType => (source, endowments = {}, options = {}) => {
     const fullTransforms = [
@@ -20,7 +25,14 @@ ...(options.transforms || []),
       (ss, transform) => (transform.rewrite ? transform.rewrite(ss) : ss),
-      { isExpr, src: source },
+      { sourceType, src: source },
     );
+    
+    // Work around Babel appending semicolons.
+    const maybeSource = sourceState.src;
+    const actualSource = maybeSource.endsWith(';') && !source.endsWith(';') ?
+      maybeSource.slice(0, -1) : maybeSource;
 
     // Generate the expression context, if necessary.
-    const src = isExpr ? `(${sourceState.src}\n)` : sourceState.src;
+    const src = sourceType === 'expression' ? `(${actualSource}\n)` : actualSource;
+
+    // console.error(`have rewritten`, src);
     const names = Object.getOwnPropertyNames(endowmentState.endowments);
@@ -45,4 +57,4 @@
   return {
-    evaluateProgram: makeEvaluator(false),
-    evaluateExpr: makeEvaluator(true),
+    evaluateProgram: makeEvaluator('program'),
+    evaluateExpr: makeEvaluator('expression'),
   };
@@ -52,4 +64,5 @@ };
 // Export the default evaluators.
-const { evaluateExpr, evaluateProgram } = makeEvaluators();
-export { evaluateExpr, evaluateProgram };
+const defaultEvaluateOptions = makeDefaultEvaluateOptions();
+const { evaluateExpr, evaluateProgram } = makeEvaluators(defaultEvaluateOptions);
+export { defaultEvaluateOptions, evaluateExpr, evaluateProgram };
 export default evaluateExpr;

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Uses eval

Supply chain risk

Package uses dynamic code execution (e.g., eval()), which is a dangerous practice. This can prevent the code from running in certain environments and increases the risk that the code may contain exploits or malicious behavior.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

19454

increased by3.34%

Lines of code

81

increased by12.5%

Worsened metrics

Dependency count

2

increased by100%

Number of medium supply chain risk alerts

2

increased byInfinity%

Dependency changes

• + Added@agoric/default-evaluate-options@0.0.2

• + Added@agoric/babel-parser@7.9.4(transitive)

• + Added@agoric/default-evaluate-options@0.0.2(transitive)

• + Added@agoric/eventual-send@0.1.11(transitive)

• + Added@agoric/harden@0.0.4(transitive)

• + Added@agoric/make-hardener@0.0.4(transitive)

• + Added@agoric/transform-bang@0.3.3(transitive)

• + Added@babel/generator@7.26.5(transitive)

• + Added@babel/helper-string-parser@7.25.9(transitive)

• + Added@babel/helper-validator-identifier@7.25.9(transitive)

• + Added@babel/parser@7.26.5(transitive)

• + Added@babel/types@7.26.5(transitive)

• + Added@jridgewell/gen-mapping@0.3.8(transitive)

• + Added@jridgewell/resolve-uri@3.1.2(transitive)

• + Added@jridgewell/set-array@1.2.1(transitive)

• + Added@jridgewell/sourcemap-codec@1.5.0(transitive)

• + Added@jridgewell/trace-mapping@0.3.25(transitive)

• + Addedjsesc@3.1.0(transitive)