better-eval
Advanced tools
Comparing version 1.1.9 to 1.2.0
| { | ||
| "name": "better-eval", | ||
| "version": "1.1.9", | ||
| "version": "1.2.0", | ||
| "description": "🔧 An alternative to the 'eval' function in JavaScript that is faster, easier/better to use, and has less security issues.", | ||
@@ -8,3 +8,4 @@ "main": "src/index.js", | ||
| "test": "jest", | ||
| "publish": "node scripts/bump-version.js && npm publish" | ||
| "bump-version": "node scripts/bump-version.js", | ||
| "publish": "npm publish" | ||
| }, | ||
@@ -11,0 +12,0 @@ "repository": { |
| # 🔧 better-eval | ||
| > 🚩 better-eval doesnt fully protect you from user code. Use at your own risk. | ||
| > 🚩 better-eval should not be used with code that could harm your application. | ||
| ### An alternative to the ```eval()``` function in JavaScript that is easier/better to use and has less security issues. | ||
| ### An alternative to ```eval()``` in JavaScript that is customizable and safer! | ||
| The eval function in JS sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. Better-Eval solves this problem by fixing these security issues, and delivering the same simplicity. | ||
| The eval function in JavaScript sucks, and there lacks alternatives that provide the same simplicity that the original eval function had. **better-eval** solves this problem by adressing the security and spped issues, while delivering the same easy-to-use API. | ||
| [](https://www.npmjs.com/package/better-eval) | ||
| [](https://www.npmjs.com/package/better-eval) | ||
| <a href="https://www.npmjs.com/package/better-eval"> | ||
| <img src="https://img.shields.io/npm/v/better-eval?style=flat-square&color=FF524C&labelColor=000" alt="NPM Version"> | ||
| <img src="https://img.shields.io/npm/dt/better-eval.svg?style=flat-square&color=FF524C&labelColor=000" alt="NPM Version"> | ||
| <img src="https://badgen.net/badgesize/brotli/https/unpkg.com/better-eval/src?style=flat-square&label=size&color=FF524C&labelColor=000" alt="NPM Version"> | ||
| </a> | ||
| ## Why Better-Eval? | ||
| - Small and Lightweight. | ||
| - A simple and easy to use API. | ||
| - Easily customizable for your needs. | ||
| - Secure to use. | ||
| - 🕊 Small and Lightweight. | ||
| - ⚡ A simple and easy to use API. | ||
| - 🛠️ Easily customizable for your needs. | ||
| - ✅ Tested and Mantained. | ||
| ## Installing Better-Eval | ||
| ## Installation | ||
| ```sh | ||
@@ -29,9 +30,11 @@ npm install better-eval | ||
| First, import the package. | ||
| ```js | ||
| const betterEval = require('better-eval') | ||
| const betterEval = require("better-eval"); | ||
| ``` | ||
| Then call the function with something you want to be evaluated: | ||
| ```js | ||
| betterEval('1+1') // returns 2! | ||
| betterEval("1+1"); // returns 2! | ||
| ``` | ||
@@ -42,29 +45,39 @@ | ||
| ## Passing Variables | ||
| Include any variables as part of an object which you pass in as the second parameter: | ||
| ```js | ||
| const name = "Sam" | ||
| const name = "Sam"; | ||
| betterEval("`Hey ${name}`", {name}) //returns 'Hey Sam' | ||
| betterEval("`Hey ${name}`", { name }); //returns 'Hey Sam' | ||
| ``` | ||
| You can also pass functions as a part of the second parameter, and evaluate them in your code: | ||
| ```js | ||
| const returnName = () => "Bob" | ||
| const returnName = () => "Bob"; | ||
| betterEval("`Hey ${returnName()}`", {returnName}) | ||
| betterEval("`Hey ${returnName()}`", { returnName }); | ||
| ``` | ||
| However, for your safety, usage of the ```Function``` constructor and ```eval``` function are disabled, and will not be added to your variables. | ||
| However, for your safety, usage of the `Function` constructor, `eval` function and `require` function are disabled, and will not be added to your variables. | ||
| ```js | ||
| betterEval("`Sum is{eval('1+1')}`", {eval}) // eval is null! | ||
| betterEval("`Sum is ${eval('1+1')}`", { eval }); // eval is null! | ||
| ``` | ||
| ## Configuring the VM | ||
| If you want to have more control over the VM that runs your code, you can pass in an ```vmOptions``` parameter: | ||
| If you want to have more control over the VM that runs your code, you can pass in an `vmOptions` parameter: | ||
| ```js | ||
| betterEval("1+1", {}, { | ||
| fileName: 'counting', | ||
| lineOffset: 1 | ||
| }) | ||
| betterEval( | ||
| "1+1", {}, | ||
| { | ||
| fileName: "counting", | ||
| lineOffset: 1, | ||
| } | ||
| ); | ||
| ``` | ||
| A complete list of options can be found [here](https://nodejs.org/api/vm.html#vmrunincontextcode-contextifiedobject-options). | ||
@@ -71,0 +84,0 @@ |
@@ -15,6 +15,6 @@ "use strict"; | ||
| function betterEval(code, insertedVariables = null, vmOptions = {}) { | ||
| //start by generating a random variable name for our evaled value | ||
| // start by generating a random variable name for our evaled value | ||
| const resultName = "EVAL_RESULT_" + Math.floor(Math.random() * 1000000); | ||
| //then assign it to our results object | ||
| // then assign it to our results object | ||
| let results = {}; | ||
@@ -31,6 +31,6 @@ results[resultName] = null; | ||
| //run the code on the vm | ||
| // run the code on the vm | ||
| vm.runInNewContext(codeExec, results, vmOptions); | ||
| //return the executed value | ||
| // return the executed value | ||
| return results[resultName]; | ||
@@ -37,0 +37,0 @@ } |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by3.42%
7134
- Number of lines in readme file
- increased by17.81%
86
No dependency changes