Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

better-eval

Package Overview
Dependencies
Maintainers
1
Versions
31
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

better-eval

🔧 An alternative to the 'eval' function in JavaScript that is faster, easier/better to use, and has less security issues.

  • 1.3.0
  • latest
  • Source
  • npm
  • Socket score
Version published
Maintainers
1
Created
Source

better-eval logo

An alternative to eval() in JavaScript that is customizable and safer!

The eval function sucks, lacking any form of security and customizability. Other implementations are inadequate - ranging from being abandonded to overcomplicated. better-eval offers a solution, providing a modern alternative to the eval function with all the bells and whistles out of the box.

NPM Version NPM Version NPM Version

better-eval - 🔧 An alternative to 'eval' that is just better! | Product Hunt

Why Better-Eval?

  • 🕊 Small and lightweight.
  • ⚡ A simple and easy to use API.
  • 🛠️ Easily customizable for your needs.
  • ✅ Tested and mantained.

Installation

npm install better-eval

Usage

First, import the package:

const betterEval = require("better-eval");

Then call the function with something you want to be evaluated:

betterEval("1+1"); // returns 2

And its as simple as that! Any code will not be able to access variables you define unless explicitly passed.

Passing Variables

Include any variables as part of an object which you pass in as the second parameter:

const name = "Sam";

betterEval("`Hey ${name}`", { name }); // returns 'Hey Sam'

You can also pass functions as a part of the second parameter, and evaluate them in your code:

const returnName = () => "Bob";

betterEval("`Hey ${returnName()}`", { returnName }); // returns 'Hey Bob'

Blacklist

For your safety, any of these global variables on the blacklist will not be added to your variables:

  • global
  • process
  • module
  • require
  • document
  • window
  • Window
  • eval
  • Function

Here is how they will be handled:

betterEval("`Sum is ${eval('1+1')}`", { eval }); // eval is null!

Remember: never use better-eval blindly with user code. These checks are precautions for your own usage, but any user with maltious intent could find a way to get through them. Thus, use this package with caution.

Configuring the VM

If you want to have more control over the VM that runs your code, you can pass in an vmOptions parameter:

betterEval(
  "1+1", {},
  {
    fileName: "counting",
    lineOffset: 1,
  }
);

A complete list of options can be found here.

License

better-eval is MIT-licensed open-source software created by Bharadwaj Duggaraju.

Keywords

FAQs

Package last updated on 28 Mar 2022

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

Security News

Risky Business Podcast: Why Open Source Software Needs Better Malware Tracking

In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.

By Sarah Gooding  -  Nov 20, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc