Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
estreval
Advanced tools
Readme
Evaluate JavaScript abstract syntax tree in ESTree format
This is a sandboxed runtime to evaluate JavaScript expressions.
Here is an example page to interact with it.
The interpreter supports a reasonable subset of ES5, the 5th Edition of the ECMAScript language specification (PDF). In addition, some modern syntax is supported:
Notably missing are Promise
and async/await, because there is no event loop.
The main function parses and evaluates an expression.
const estreval = require('estreval')
estreval('1 + 2 * 3') // 7
The expression can be given as string, or an object in ESTree format.
The second argument is a context
object (optional). It defines the global context of variables to which the code will have access.
const context = { x: 3 }
estreval('y => x * y', context)(5) // 15
The third argument is an options
object (optional).
estreval(code, context, options)
It can have the following properties.
timeout
- Maximum amount of time (in milliseconds) allowed for the code - Default: 100
maxSteps
- Maximum number of steps allowed for the code - Default: 1024
The default parser uses Acorn.
It can be imported by itself.
const parse = require('estreval/parse')
const tree = parse('y => x * y') // ESTree format
To use a custom parser, first import the evaluate function separately.
The following example uses Esprima.
const evaluate = require('estreval/evaluate')
const { parseScript: parse } = require('esprima')
const tree = parse('y => x * y')
const context = { x: 3 }
const options = { parse }
evaluate(tree, context, options)(5) // 15
The parse function can be passed as the parse
option. It will be used when new instances of Function
are created inside the runtime. Otherwise, the use of Function
will throw an error.
To use the Babel parser, specify its built-in plugin estree
to convert the syntax tree to ESTree format.
const { parse } = require('@babel/parser')
const tree = parse(code, {
plugins: ['estree']
})
This is necessary because Babel uses its own AST format, with some differences from the ESTree specification.
Start a read-eval-print loop to interact with the runtime in the terminal.
node repl
The following functions are provided for convenience.
print( any )
- Show value using inspect
and console.log
parse( string )
- Parse given string and print abstract syntax treeEnter .reload
in the REPL to reload the library after editing its files.
Build unminified for development, watch files for changes, and start server for test page
npm run dev
Build minified for production
npm run build
FAQs
Evaluate JavaScript abstract syntax tree in ESTree format
The npm package estreval receives a total of 130 weekly downloads. As such, estreval popularity was classified as not popular.
We found that estreval demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.