Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →

eval5

Package Overview

Dependencies

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

eval5

A JavaScript interpreter, written completely in JavaScript

1.3.1
Source
npm

Version published: 5 years ago

Weekly downloads: 841; increased by41.34%

Maintainers: 1

Weekly downloads

Created: 5 years ago

Source

eval5

基于 JavaScript 编写的 JavaScript 解释器;A JavaScript interpreter, written completely in JavaScript;

支持es5语法

解决在不支持eval或Function的执行环境下执行 JavaScript 代码。例如：微信小程序示例。

Usage

npm install --save eval5

import { evaluate, Function, vm, Interpreter } from "eval5";

// 设置默认作用域
Interpreter.global = window;

//或 evaluate("1+1", Object.create(window));
evaluate("1+1", window); // 2

const func = new Function("a", "b", "return a+b;");

console.log(func(1, 1)); // 2

const interpreter = new Interpreter(ctx, {
	timeout: 1000,
});

let result;

try {
	result = interpreter.evaluate("1+1");
	console.log(result); //2
} catch (e) {
	//..
}

Interpreter

static `version`

VERSION

static `global`

object 默认：Object.create(null)

设置默认作用域对象

例如:

Interpreter.global = window;

static `eval`

readonly

替代原有的eval占位符

如果执行环境支持 eval 函数建议使用原生的 eval，除非 eval 需要使用局部变量时，如下情况：

const ctx = Object.create(window);

ctx.eval = Interpreter.eval;

const interpreter = new Interpreter(ctx);

interpreter.evaluate(`
    function test(){
        var a = 1;
        return eval('a+1')
    }
    test();
`); // output 2

static `Function`

readonly

替代原有的Function占位符

作用同Interpreter.eval

除非不支持Function的环境，否则不建议使用

static `ecmaVersion`

可选值： 3 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 2015 | 2016 | 2017 | 2018 | 2019 | 2020

默认： 5

注：eval5 只支持 es5 语法，如果将 ecmaVersion 设为高版本尽管能编译通过，但解释时可能会报错或得到错误结果。

例如，如果设ecmaVersion=6或更高，以下代码可以正常解析执行，但结果非预期：

const a = [];
for(let i = 0; i < 10; i++) {
    a.push(function(){
        console.log(i);
    })
}

...

// output: 10 10 10...

原因在于解释器会忽略const let类型，都当作var处理。

`constructor`(ctx: {}, options?: { timeout?: number})

构造函数

var interpreter = new Interpreter(window);

`evaluate`(code: string): any

返回脚本中执行的最后一个表达式结果

var interpreter = new Interpreter(window);
interpreter.evaluate("alert(1+1)");

appendCode(code: string): any

作用同evaluate

setExecTimeout(timeout: number)

单位：ms

获取evaluate的执行时间

evaluate(code: string, ctx?: {})

执行给定的字符串脚本,返回脚本中执行的最后一个表达式结果

evaluate("console.log(1+1)", { console: console });

Function

同 js 原生的 Function

const func = new Function("a", "b", "return a+b;");
console.log(func(1, 2));

vm

参考 node.js vm

支持 api 列表:

vm.createContext
vm.compileFunction
vm.runInContext
vm.runInNewContext
vm.Script

License

MIT

Support

ECMA5

evaljs closure-interpreter

Keywords

FAQs

What is eval5?

Is eval5 popular?

Is eval5 well maintained?

Package last updated on 09 Mar 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

eval5

eval5

Usage

Interpreter

static version

static global

static eval

static Function

static ecmaVersion

constructor(ctx: {}, options?: { timeout?: number})

evaluate(code: string): any

appendCode(code: string): any

setExecTimeout(timeout: number)

evaluate(code: string, ctx?: {})

Function

vm

License

Support

Related

Keywords

Related posts

Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets

NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates

static `version`

static `global`

static `eval`

static `Function`

static `ecmaVersion`

`constructor`(ctx: {}, options?: { timeout?: number})

`evaluate`(code: string): any