
Security News
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.
This module is a simple way to evaluate a module content in the same way as require() but without loading it from a file. Effectively, it mimicks the javascript evil eval
function but leverages Node's VM module instead.
Why would you be using the eval
module over the nativerequire
? Most of the time require
is fine but in some situations, I have found myself wishing for the following:
Or simply to leverage JavaScript's eval
but with sandboxing.
It is published on node package manager (npm). To install, do:
npm install eval
var _eval = require('eval')
var res = _eval(content /*, filename, scope, includeGlobals */)
The following options are available:
content
(String): the content to be evaluatedfilename
(String): optional dummy name to be given (used in stacktraces)scope
(Object): scope properties are provided as variables to the contentincludeGlobals
(Boolean): allow/disallow global variables (and require) to be supplied to the content (default=false)var _eval = require('eval')
var res = _eval('var x = 123; exports.x = x')
// => res === { x: 123 }
res = _eval('module.exports = function () { return 123 }')
// => res() === 123
res = _eval('module.exports = require("events")', true)
// => res === require('events')
res = _eval('exports.x = process', true)
// => res.x === process
FAQs
Evaluate node require() module content directly
The npm package eval receives a total of 897,750 weekly downloads. As such, eval popularity was classified as popular.
We found that eval demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.
Security Fundamentals
Attackers use obfuscation to hide malware in open source packages. Learn how to spot these techniques across npm, PyPI, Maven, and more.
Security News
Join Socket for exclusive networking events, rooftop gatherings, and one-on-one meetings during BSidesSF and RSA 2025 in San Francisco.