@borkdude/sci
A tiny implementation of Clojure in Clojure.
You want to evaluate code from user input, but eval isn't safe or simply doesn't work.
This library works with:
:advanced
It is used as the interpreter for babashka.
Experimental. Breaking changes are expected to happen at this phase.
Use as a dependency:
(require '[sci.core :as sci])
(sci/eval-string "(inc 1)") ;;=> 2
(sci/eval-string "(inc x)" {:bindings {'x 2}}) ;;=> 3
const { evalString } = require('@borkdude/sci');
const f = evalString("(fn [obj] (-> obj js->clj frequencies clj->js))")
> f(["foo", "bar", "foo"]);
{ foo: 2, bar: 1 }
Currently the following special forms/macros are supported: def, fn, function literals (#(inc %)), defn, quote, do, if, when, cond, let, and, or, ->, ->>, as->, comment, loop, lazy-seq, for, doseq, case.
In sci, defn does not mutate the outside world, only the evaluation context inside a call to sci/eval-string.
By default sci only enables access to the pure non-side-effecting functions in Clojure. More functions can be enabled, at your own risk, using :bindings:
user=> (sci/eval-string "(println \"hello\")" {:bindings {'println println}})
hello
nil
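An added example (not from the sci README or project) of narrowing the risk when a side-effecting function is exposed through :bindings: the host passes in a constrained wrapper instead of raw slurp, and bounds evaluation time because loop is among the supported forms. Only sci/eval-string and the :bindings option come from the page; read-template, allowed-root, exposed-bindings, eval-untrusted and the directory path are hypothetical names chosen for illustration.

```clojure
(require '[sci.core :as sci]
         '[clojure.java.io :as io])

;; Assumption: the only directory untrusted code may read from (hypothetical path).
(def allowed-root (.getCanonicalFile (io/file "/srv/app/templates")))

(defn read-template
  "Host-side wrapper exposed in place of raw slurp. Resolves rel-path under
  allowed-root and refuses anything that escapes it (../ segments, symlinks)."
  [rel-path]
  (let [f (.getCanonicalFile (io/file allowed-root (str rel-path)))]
    (when-not (.startsWith (.toPath f) (.toPath allowed-root))
      (throw (ex-info "path outside allowed root" {:path rel-path})))
    (slurp f)))

;; The complete set of host functions handed to the interpreter.
;; Reviewing this one map tells you what evaluated code can reach.
(def exposed-bindings {'read-template read-template})

(defn eval-untrusted
  "Evaluates code with only exposed-bindings added, and gives up waiting
  after timeout-ms because user code may never return."
  [code timeout-ms]
  (let [fut    (future
                 (try
                   {:ok (sci/eval-string code {:bindings exposed-bindings})}
                   (catch Throwable t
                     ;; anything thrown by the evaluator or by the wrapper
                     {:error (.getMessage t)})))
        result (deref fut timeout-ms {:error "timed out"})]
    ;; future-cancel only interrupts the thread; a tight loop that never
    ;; checks for interruption can keep consuming CPU after the timeout.
    (future-cancel fut)
    result))

;; Constructed inputs: one read inside the root, one traversal attempt.
(eval-untrusted "(read-template \"welcome.txt\")" 1000)
(eval-untrusted "(read-template \"../config/secrets.edn\")" 1000)
```

Because the timeout cannot guarantee that a runaway evaluation stops, hosts that need a hard bound should run the evaluation in a separate process they can kill.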
More examples of what is currently possible can be found at babashka.
To make the rand-* functions behave well when compiling to a GraalVM native binary, use this setting:
--initialize-at-run-time=java.lang.Math\$RandomNumberGeneratorHolder
Required: lein, the clojure CLI and GraalVM.
To successfully run the GraalVM tests, you will have to compile the binary first with script/compile.
To run all tests:
script/test/all
For running individual tests, see the scripts in script/test.
Copyright © 2019 Michiel Borkent
Distributed under the Eclipse Public License 1.0. This project contains code from Clojure and ClojureScript which are also licensed under the EPL 1.0. See LICENSE.
FAQs
Small Clojure Interpreter.
The npm package @borkdude/sci receives a total of 0 weekly downloads. As such, @borkdude/sci popularity was classified as not popular.
We found that @borkdude/sci demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.