bcx-expression-evaluator
Readme
Safely evaluate a JavaScript-like expression in a given context.
In Buttonwood we make heavy use of metadata (in JSON) to deliver business logic from the backend to the front-end. We did not want a metadata format so complex that it becomes hard to maintain, so this tool lets us express light logic as a plain string: far more flexible than rigid metadata, and much safer and more maintainable than passing JavaScript functions as strings from backend to front-end (which we did at one point), because an expression can only reach what is handed to it in the context and helper objects rather than everything eval would expose.
This tool was mainly extracted, modified and extended from the expression parser of aurelia-binding.
npm install --save bcx-expression-evaluator
function evaluate(expression, context, helper, opts)

expression: the expression string to be evaluated
context: the input model object
helper: optional helper object
opts: optional hashmap; currently supports only rejectAssignment and stringInterpolationMode
  rejectAssignment: rejects assignment in the expression
  stringInterpolationMode: treats the whole expression as if it were wrapped in backticks (`expression`)

function evaluateStringInterpolation

A shortcut that calls evaluate with the stringInterpolationMode option.
import {evaluate, evaluateStringInterpolation} from 'bcx-expression-evaluator';
const context = {
a: 1,
b: 2,
c: {
one: 'one',
two: 'two'
},
avg: function() { return (this.a + this.b) / 2; }
};
evaluate('avg() > a ? c.one : c.two', context); // => 'one';
const helper = {
limit: 5,
sum: (v1, v2) => v1 + v2
};
evaluate('sum(a, b) > limit', context, helper); // => false;
The $this variable refers to the context object:

evaluate('$this', context); // => the context object
evaluate('$this.a', context); // => 1

The $parent variable refers to the helper object (carried over from aurelia-binding; $parent might be renamed to $helper in a future release). Names are looked up in the context first, then in the helper:

evaluate('a', {a:1}, {a:2}); // => 1
evaluate('$this.a', {a:1}, {a:2}); // => 1
evaluate('$parent.a', {a:1}, {a:2}); // => 2
String interpolation uses backticks, as in JavaScript template literals:

evaluate('`${a+1}`', {a:1}); // => '2'

You can also evaluate a string interpolation without the surrounding backticks:

evaluate('${a+1}', {a:1}, null, {stringInterpolationMode: true}); // => '2'
evaluateStringInterpolation('${a+1}', {a:1}); // => '2'

In stringInterpolationMode you don't have to escape backticks:

evaluate('`\\`${a+1}\\``', {a:1}); // => '`2`', note the double escaping: the expression is itself written inside a JavaScript string literal
evaluate('`${a+1}`', {a:1}, null, {stringInterpolationMode: true}); // => '`2`'
evaluateStringInterpolation('`${a+1}`', {a:1}); // => '`2`'
Expressions have no access to globals; they can only read and call what is passed in through context and helper:

evaluate('parseInt(a, 10)', {a:"7"}) // => undefined
// parseInt is not reachable: only the context and helper are in scope
evaluate('parseInt(a, 10)', {a:"7"}, {parseInt: parseInt}) // => 7

The flip side is that anything reachable from the context or helper objects, including their methods, can be called from an expression, so keep the helper small and purpose-built rather than passing in live service objects.

Member access on a missing value is null-safe:

evaluate('a.b', {}) // => undefined, no error thrown
evaluate('a.b || c', {c: 'lorem'}) // => 'lorem', no error thrown
Assignment is supported and mutates the context object:

let obj = {a: 1, b: 2};
evaluate('a = 3', obj); // obj is now {a: 3, b: 2}
evaluate('b > 3 ? (a = true) : (a = false)', obj); // obj is now {a: false, b: 2}

Pass rejectAssignment when expressions should be read-only. This does not eliminate side effects: it does not stop a function called from the expression (a context method or a helper) from mutating something.

evaluate('a=1', {a:0}, null, {rejectAssignment: true}); // throws an error
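The gap just described, that rejectAssignment blocks assignment syntax but cannot stop a called function from mutating the model, can be closed on the consumer's side by handing the evaluator a read-only view of the model. The following is an added example, not code from bcx-expression-evaluator: readOnlyView wraps the model in recursive Proxies whose write traps throw, and evaluateGuarded combines that view with rejectAssignment. The package's evaluate is passed in as a parameter (in real use, require('bcx-expression-evaluator').evaluate) so the file runs without the package installed; the model and the misbehaving bump helper in demo() are constructed for illustration, and demo() performs the property accesses that the named expressions would resolve to rather than parsing them.

```javascript
'use strict';

// Added example, not part of bcx-expression-evaluator. The page notes that
// rejectAssignment blocks `a = 3` syntax but cannot stop a function called from
// an expression from mutating something. A consumer can close that gap on its
// side by handing the evaluator a read-only view of the model.

// Wrap a model in a read-only view: every nested object or array reached
// through the view is itself a view, and any write attempt throws instead of
// silently mutating the caller's data. Functions pass through untouched, so
// context methods such as the README's avg() stay callable.
function readOnlyView(value, seen = new WeakMap()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return seen.get(value);
  const reject = (what) => (_target, prop) => {
    throw new TypeError(`expression tried to ${what} "${String(prop)}"`);
  };
  const view = new Proxy(value, {
    get(target, prop, receiver) {
      const v = Reflect.get(target, prop, receiver);
      // Proxy invariant: a non-writable, non-configurable own data property
      // must be returned as-is, so leave such values unwrapped.
      const desc = Object.getOwnPropertyDescriptor(target, prop);
      if (desc && desc.writable === false && desc.configurable === false) return v;
      return readOnlyView(v, seen);
    },
    set: reject('assign'),
    deleteProperty: reject('delete'),
    defineProperty: reject('define'),
  });
  seen.set(value, view);
  return view;
}

// Evaluate with both guards the consumer controls: the library's
// rejectAssignment option (syntax level) and the read-only view (runtime
// level, which also covers helpers that try to mutate the model).
// `evaluate` is the package's evaluate(expression, context, helper, opts),
// passed in so this file runs without the package installed; in real use
// pass require('bcx-expression-evaluator').evaluate.
function evaluateGuarded(evaluate, expression, model, helper = {}) {
  return evaluate(expression, readOnlyView(model), readOnlyView(helper), {
    rejectAssignment: true,
  });
}

// Exercise the view the way the evaluator would act on the README's examples,
// without the package: each step performs the property access or call that
// the named expression resolves to. The model and helper are constructed here.
function demo() {
  const model = {
    a: 1,
    b: 2,
    c: { one: 'one' },
    avg() { return (this.a + this.b) / 2; },
  };
  const helper = {
    // A badly behaved helper: evaluate() alone would let this mutation through.
    bump(obj) { obj.a += 1; return obj.a; },
  };
  const view = readOnlyView(model);
  const results = { avg: view.avg(), nested: view.c.one, errors: [] };
  // 'a = 3' is a property write on the context the evaluator was given.
  try { view.a = 3; } catch (e) { results.errors.push(e.message); }
  // 'bump($this)' hands the whole context to the helper, which tries to write.
  try { helper.bump(view); } catch (e) { results.errors.push(e.message); }
  // 'c.one = "x"' reaches a nested object, which is also a view.
  try { view.c.one = 'x'; } catch (e) { results.errors.push(e.message); }
  results.untouched = model.a === 1 && model.c.one === 'one';
  return results;
}

console.log(demo());
```

The view only protects the model you pass in; a helper that mutates its own closure state or some external service is still outside the evaluator's control, which is why the helper object should stay small and side-effect free.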
A bcx-expression looks like a JavaScript expression, but there are some differences.

Member access on undefined does not throw (behaviour carried over from aurelia-binding):

let obj = {a: 1};
obj.b.a // => TypeError in plain JavaScript
evaluate('b.a', obj); // => undefined
// in plain JavaScript
undefined + 1 // => NaN
1 + undefined // => NaN
null + 1 // => 1
1 + null // => 1
undefined + undefined // => NaN
null + null // => 0

// in bcx-expression, + and - ignore undefined/null values;
// if both the left and right sides evaluate to undefined/null, the result defaults to 0
evaluate('undefined + 1'); // => 1
evaluate('1 + undefined'); // => 1
evaluate('null + 1'); // => 1
evaluate('1 + null'); // => 1
evaluate('undefined + undefined'); // => 0
evaluate('null + null'); // => 0
Function literals, regular or arrow, are not supported; none of these work in bcx-expression:

(function(){return 1})()
(() => 1)()
arr.sort((a, b) => a > b)

Calling a function by name works, so pass the comparator in as a helper:

arr.sort(aHelperFunc)

Regular expression literals are not supported either:

/\w/.test(string)

typeof, instanceof and delete are not supported, because bcx-expression is not real JavaScript.
FAQs
We found that bcx-expression-evaluator demonstrates an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.