Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

eval5

Package Overview
Dependencies
Maintainers
0
Versions
27
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

eval5

A JavaScript interpreter written in JavaScript

  • 1.4.8
  • latest
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
841
increased by41.34%
Maintainers
0
Weekly downloads
 
Created
Source

eval5

中文 | English

GitHub license npm npm bundle size

基于 TypeScript 编写的 JavaScript 解释器,支持完整 ES5 语法

支持浏览器、node.js、小程序等 JavaScript 运行环境

在线体验

更多示例

使用场景

  • 浏览器环境中需要使用沙盒环境执行 JavaScript 脚本
  • 控制执行时长
  • 不支持eval Function的 JavaScript 运行环境:如 微信小程序 demo we-script taro-script
  • 研究/学习用

支持 ECMAScript 版本

ES5

安装

npm install --save eval5

使用

Edit eval5

import { Interpreter } from "eval5";

const interpreter = new Interpreter(window, {
	timeout: 1000,
});

let result;

try {
	result = interpreter.evaluate("1+1");
	console.log(result);

	interpreter.evaluate("var a=100");
	interpreter.evaluate("var b=200");
	result = interpreter.evaluate("a+b");

	console.log(result);
} catch (e) {
	console.log(e);
}

参数

interface Options {
	// 默认为:0,不限制
	timeout?: number;
	// 根作用域,只读
	rootContext?: {} | null;
	globalContextInFunction?: any;
}

示例

import { Interpreter } from "eval5";

const ctx = {};
const interpreter = new Interpreter(ctx, {
    rootContext: window,
	timeout: 1000,
});

interpreter.evaluate(`
    a = 100;
    console.log(a); // 100
`);

window.a;//undefined

Interpreter

version

当前版本

global

默认值: {}

设置默认的全局作用域

Interpreter.global = window;
const interpreter = new Interpreter();
interpreter.evaluate('alert("hello eval5")');

globalContextInFunction

默认值: undefined

eval5 不支持 use strict 严格模式, 在非严格下的函数中this默认指向的是全局作用域,但在eval5中是undefined, 可通过globalContextInFunction来设置默认指向。

import { Interpreter } from "Interpreter";

const ctx = {};
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
this; // ctx
function func(){
    return this; // undefined
}
func();
`);
import { Interpreter } from "Interpreter";

Interpreter.globalContextInFunction = window;
const ctx = {};
const interpreter = new Interpreter({});
interpreter.evaluate(`
this; // ctx
function func(){
    return this; // window
}
func();
`);

原因,示例代码:

注意: alert异常

import { Interpreter } from "Interpreter";

Interpreter.globalContextInFunction = {};

const ctx = {alert: alert};

const interpreter = new Interpreter(ctx);

interpreter.evaluate(`
// throw Illegal invocation
alert('Hello eval5'); // 同 alert.call({}, 'Hello eval5')
`);

constructor(context = Interpreter.global, options?: Options )

构造函数

Interpreter 的实例方法

evaluate(code: string): any

执行给定的字符串代码,并返回最后一个表达式的值

import { Interpreter } from "Interpreter";

const interpreter = new Interpreter(window);

const result = interpreter.evaluate(`
var a = 100;
var b = 200;

a+b;

`);

console.log(result); // 300

appendCode(code: string): any

evaluate的别名

getExecutionTime(): number

获取上一次调用evaluate的执行时长

setExecTimeout(timeout: number = 0): void

设置执行时长

getOptions(): Readonly<Options>

获取解释器参数


evaluate(code: string, ctx?: {}, options?: Options)

执行给定的字符串代码,并返回最后一个表达式的值

注: 该函数每次执行都会创建一个新的解释器

import { evaluate } from "eval5";

evaluate(
	`
var a = 100;
var b = 100;
console.log(a+b);
`,
	{ console: console }
); // 200

evaluate(`
    a;
`); // a is not defined

Function

该函数会将Interpreter.global Interpreter.globalContextInFunction当作默认值并创建新的解释器

import { Function } from "eval5";

const func = new Function("a", "b", "return a+b;");
console.log(func(100, 200)); // 300

vm

查看 vm

  • vm.createContext
  • vm.compileFunction
  • vm.runInContext
  • vm.runInNewContext
  • vm.Script

License

MIT

相关

Keywords

FAQs

Package last updated on 11 Aug 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc