better-eval
Comparing version 1.1.9 to 1.2.0
{ | ||
"name": "better-eval", | ||
"version": "1.1.9", | ||
"version": "1.2.0", | ||
"description": "🔧 An alternative to the 'eval' function in JavaScript that is faster, easier/better to use, and has less security issues.", | ||
@@ -8,3 +8,4 @@ "main": "src/index.js", | ||
"test": "jest", | ||
"publish": "node scripts/bump-version.js && npm publish" | ||
"bump-version": "node scripts/bump-version.js", | ||
"publish": "npm publish" | ||
}, | ||
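Review bot: in the `scripts` block the entry is still named `publish`, which npm treats as a lifecycle script and runs as part of `npm publish`, so `"publish": "npm publish"` makes the publish command invoke itself again once the package has gone out. Rename it to a name npm does not reserve (for example `release`). Since `bump-version` is now a separate script, document that it has to be run before a release; publishing an unbumped version will be rejected by the registry.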
@@ -11,0 +12,0 @@ "repository": { |
# 🔧 better-eval | ||
> 🚩 better-eval doesnt fully protect you from user code. Use at your own risk. | ||
> 🚩 better-eval should not be used with code that could harm your application. | ||
### An alternative to the ```eval()``` function in JavaScript that is easier/better to use and has less security issues. | ||
### An alternative to ```eval()``` in JavaScript that is customizable and safer! | ||
The eval function in JS sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. Better-Eval solves this problem by fixing these security issues, and delivering the same simplicity. | ||
The eval function in JavaScript sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. **better-eval** solves this problem by adressing the security and spped issues, while delivering the same easy-to-use API. | ||
[![NPM Version](https://img.shields.io/npm/v/better-eval?style=flat-square&color=FF524C&labelColor=000)](https://www.npmjs.com/package/better-eval) | ||
[![NPM Downloads](https://img.shields.io/npm/dt/better-eval.svg?style=flat-square&color=FF524C&labelColor=000)](https://www.npmjs.com/package/better-eval) | ||
<a href="https://www.npmjs.com/package/better-eval"> | ||
<img src="https://img.shields.io/npm/v/better-eval?style=flat-square&color=FF524C&labelColor=000" alt="NPM Version"> | ||
<img src="https://img.shields.io/npm/dt/better-eval.svg?style=flat-square&color=FF524C&labelColor=000" alt="NPM Version"> | ||
<img src="https://badgen.net/badgesize/brotli/https/unpkg.com/better-eval/src?style=flat-square&label=size&color=FF524C&labelColor=000" alt="NPM Version"> | ||
</a> | ||
## Why Better-Eval? | ||
- Small and Lightweight. | ||
- A simple and easy to use API. | ||
- Easily customizable for your needs. | ||
- Secure to use. | ||
- 🕊 Small and Lightweight. | ||
- ⚡ A simple and easy to use API. | ||
- 🛠️ Easily customizable for your needs. | ||
- ✅ Tested and Mantained. | ||
## Installing Better-Eval | ||
## Installation | ||
```sh | ||
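Review bot: the tagline and intro paragraph still promise security ("safer", "adressing the security and spped issues") while the 🚩 warning directly above them tells readers not to run code that could harm the application, and the emoji bullet list no longer carries "Secure to use". Pick one message: if untrusted input is out of scope, say so in the intro rather than stating that the security problem is solved. While here, fix the typos "adressing", "spped" and "Mantained", and give the downloads and size badges their own `alt` text, since all three `<img>` tags use `alt="NPM Version"`.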
@@ -29,9 +30,11 @@ npm install better-eval | ||
First, import the package. | ||
```js | ||
const betterEval = require('better-eval') | ||
const betterEval = require("better-eval"); | ||
``` | ||
Then call the function with something you want to be evaluated: | ||
```js | ||
betterEval('1+1') // returns 2! | ||
betterEval("1+1"); // returns 2! | ||
``` | ||
@@ -42,29 +45,39 @@ | ||
## Passing Variables | ||
Include any variables as part of an object which you pass in as the second parameter: | ||
```js | ||
const name = "Sam" | ||
const name = "Sam"; | ||
betterEval("`Hey ${name}`", {name}) //returns 'Hey Sam' | ||
betterEval("`Hey ${name}`", { name }); //returns 'Hey Sam' | ||
``` | ||
You can also pass functions as a part of the second parameter, and evaluate them in your code: | ||
```js | ||
const returnName = () => "Bob" | ||
const returnName = () => "Bob"; | ||
betterEval("`Hey ${returnName()}`", {returnName}) | ||
betterEval("`Hey ${returnName()}`", { returnName }); | ||
``` | ||
However, for your safety, usage of the ```Function``` constructor and ```eval``` function are disabled, and will not be added to your variables. | ||
However, for your safety, usage of the `Function` constructor, `eval` function and `require` function are disabled, and will not be added to your variables. | ||
```js | ||
betterEval("`Sum is{eval('1+1')}`", {eval}) // eval is null! | ||
betterEval("`Sum is ${eval('1+1')}`", { eval }); // eval is null! | ||
``` | ||
## Configuring the VM | ||
If you want to have more control over the VM that runs your code, you can pass in an ```vmOptions``` parameter: | ||
If you want to have more control over the VM that runs your code, you can pass in an `vmOptions` parameter: | ||
```js | ||
betterEval("1+1", {}, { | ||
fileName: 'counting', | ||
lineOffset: 1 | ||
}) | ||
betterEval( | ||
"1+1", {}, | ||
{ | ||
fileName: "counting", | ||
lineOffset: 1, | ||
} | ||
); | ||
``` | ||
A complete list of options can be found [here](https://nodejs.org/api/vm.html#vmrunincontextcode-contextifiedobject-options). | ||
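Review bot: the sentence before the `eval` example now lists `require` as disabled, but the source hunks shown in this comparison change only comment spacing, so nothing visible implements or tests that claim. Point to the code that blocks `require` and add a jest case for it, or drop it from the README until it is true. Two smaller points in the same hunk: if `eval` really is null inside the VM, `${eval('1+1')}` throws a TypeError instead of producing a string, so the comment should say the call fails rather than just "eval is null!"; and "an `vmOptions` parameter" should read "a `vmOptions` parameter".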
@@ -71,0 +84,0 @@ |
@@ -15,6 +15,6 @@ "use strict"; | ||
function betterEval(code, insertedVariables = null, vmOptions = {}) { | ||
//start by generating a random variable name for our evaled value | ||
// start by generating a random variable name for our evaled value | ||
const resultName = "EVAL_RESULT_" + Math.floor(Math.random() * 1000000); | ||
//then assign it to our results object | ||
// then assign it to our results object | ||
let results = {}; | ||
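Review bot: `resultName` relies on a `Math.random()` suffix with one million possible values to stay clear of caller-supplied names, and nothing in the lines shown checks `insertedVariables` for a key of the same name. A collision is unlikely but would silently overwrite either the caller's variable or the result. Either reject an `insertedVariables` key that equals `resultName`, or drop the result variable altogether: `vm.runInNewContext` already returns the value of the last statement it executes.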
@@ -31,6 +31,6 @@ results[resultName] = null; | ||
//run the code on the vm | ||
// run the code on the vm | ||
vm.runInNewContext(codeExec, results, vmOptions); | ||
//return the executed value | ||
// return the executed value | ||
return results[resultName]; | ||
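Review bot: `vm.runInNewContext(codeExec, results, vmOptions)` passes `vmOptions` through with a default of `{}`, so unless the caller sets `timeout` themselves an expression that never terminates blocks the whole process. Merge a conservative default `timeout` into the options before the call and let callers override it. The Node.js documentation for `vm` also states that the module is not a security mechanism, which is worth repeating in a comment at this call so the README's wording and the implementation stay in step.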
@@ -37,0 +37,0 @@ } |