Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
An alternative to JavaScript's eval() for solving mathematical expressions. It can be extended to use the Big Number libraries available to provide results with maximum precision.
npm install bigeval
> var BigEval = require('bigeval')
<script src="BigEval.js"></script>
Eval
).After including BigEval.js, the first step is to create an instance of BigEval. Then we can use the exec()
method to solve an expression. See project page for a working example.
var Obj = new BigEval();
var result = Obj.exec("5! + 1e3 * (PI + E)"); // 5979.874482048837
var result2 = Obj.exec("sin(45 * deg)**2 + cos(pi / 4)**2"); // 1
var result3 = Obj.exec("0 & -7 ^ -7 - 0%1 + 6%2"); //-7
var result4 = Obj.exec("sin( acos( ceil( tan(pi/6) ) ) )"); // sin(0) i.e. 0
var result5 = Obj.exec("((1 << 4) ^ (14 >> 1)) + pi"); // 26.141592653589793
The exec
method returns the answer as string. If an error occurs, then Obj.err
is set to true and the error message is returned by exec().
The operators currently supported in order of precedence are -
[
['!'], // Factorial
['**'], // power
['/', '*', '%'],
['+', '-'],
['<<', '>>'], // bit shifts
['<', '<=', '>', '>='],
['==', '=', '!='], // equality comparisons
['&'], ['^'], ['|'], // bitwise operations
['&&'], ['||'] // logical operations
]
BigEval supports functions like sin(), cos() ... When a function is used in an expression, BigEval first looks into its methods to see if such a function exist, then it looks into the JavaScript's Math library.
If you want it to fallback into the global namespace (i.e window) when it cannot find a function, you should set bigEval.fallbackToGlobalFunctions = true;
.
Please note that we use just sin()
and not Math.sin()
in expressions. Attaching a new function to BigEval is easy.
var Obj = new BigEval();
Obj.prototype.avg = function(a, b){
return this.div( this.add(a,b) , "2");
};
Constants are nothing but properties of the BigEval object. To use a constant such as PI in an expression, we can simply write PI
. Example - sin( PI / 4 )
.
To add a new constant, we do Obj.CONSTANT.NAME = VALUE
. The VALUE should be in string format.
Obj.CONSTANT.INTOCM = '2.54'; // inch to cm
console.log(Obj.exec('12 * intocm')); // the case doesn't matter in expressions
A constant NAME should start with an alphabet and should only use [a-zA-Z0-9_]
characters. Default constants include -
PI = 3.1415...
PI_2 = PI / 2
LOG2E = log(e) / log(2)
DEG = PI / 180
E = 2.718...
INFINITY = Infinity
NaN = NaN
BigEval can be extended with any of the big number libraries for JavaScript. To extend BigEval, we only need to change its methods that are responsible for adding, subtracting and so. For an example see the extension MikeMcl-decimal.js which is based on MikeMcl's Decimal.js library. The HTML page extended.html shows how to use this extension.
To use decimaljs extension with Node, download the file and then
var BigEval = require('./MikeMcl-decimal.js');
var b = new BigEval();
console.log(b.exec('-2 + 3'));
FAQs
Mathematical expression solving library
The npm package bigeval receives a total of 62 weekly downloads. As such, bigeval popularity was classified as not popular.
We found that bigeval demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.