
Security News
npm ‘is’ Package Hijacked in Expanding Supply Chain Attack
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
chrome-inject-eval
Advanced tools
use eval in chrome extension v3+
你可以通过引入本包从而实现在 chrome 插件 v3 版本中使用 eval
{
...
"content_scripts": [
{
...
"js": [
"./node_modules/chrome-inject-eval/dist/umd.min.js",
"./src/[your inject].js"
],
...
}
],
...
}
const evil = evalCore.getEvalInstance(window);
evil("const a=1;");
console.log(a); // 1
const { evalModule, transformCode } = evalCore;
const { Interpreter } = evalModule;
Interpreter.global = window;
const interpreter = new Interpreter();
// 现在你可以使用eval5的所有功能
interpreter.evaluate(transformCode("const a=1;"));
console.log(a); // 1
chrome-inject-eval
的导出对象有三个属性,其中evalModule
本质上等于require("eval5")
,而 transform 则是通过 babel 把字符串编译成 ES5 代码,所以如果想使用更多 eval 相关的功能,可以参考 eval5官网
const evil = require("eval5");
const { transform } = require("@babel/standalone");
const transformCode = (codeStr) =>
transform(codeStr, { presets: ["env"] }).code;
const getEvalInstance = (obj) => {
const interpreter = new evil.Interpreter(obj, {
timeout: 1000,
});
return (codeStr) => interpreter.evaluate(transformCode(codeStr));
};
module.exports = {
evalModule: evil,
getEvalInstance,
transformCode,
};
FAQs
🔮use eval in chrome extension v3+
The npm package chrome-inject-eval receives a total of 5 weekly downloads. As such, chrome-inject-eval popularity was classified as not popular.
We found that chrome-inject-eval demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The ongoing npm phishing campaign escalates as attackers hijack the popular 'is' package, embedding malware in multiple versions.
Security News
A critical flaw in the popular npm form-data package could allow HTTP parameter pollution, affecting millions of projects until patched versions are adopted.
Security News
Bun 1.2.19 introduces isolated installs for smoother monorepo workflows, along with performance boosts, new tooling, and key compatibility fixes.