Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
A JavaScript interpreter written in TypeScript, supporting the complete ES5 syntax.
Runs in browsers, node.js, Mini Programs and other JavaScript environments.
Intended for JavaScript runtimes that do not provide `eval` or `Function`, such as WeChat Mini Programs (demos: we-script, taro-script).
Install:

```bash
npm install --save eval5
```
Usage:

```js
import { Interpreter } from "eval5";

// window is the context: every property of window is visible to evaluated code.
// timeout bounds how long a single evaluate() call may run (0 = unlimited).
const interpreter = new Interpreter(window, {
  timeout: 1000,
});

let result;
try {
  result = interpreter.evaluate("1+1");
  console.log(result); // 2

  // declarations persist in the interpreter's context between calls
  interpreter.evaluate("var a=100");
  interpreter.evaluate("var b=200");
  result = interpreter.evaluate("a+b");
  console.log(result); // 300
} catch (e) {
  // syntax errors, runtime errors and timeouts all surface here
  console.log(e);
}
```
Options:

```ts
interface Options {
  // default: 0, meaning no limit
  timeout?: number;
  // root scope, read-only: lookups fall through to it, assignments never reach it
  rootContext?: {} | null;
  // default `this` for functions called without a receiver (see globalContextInFunction below)
  globalContextInFunction?: any;
}
```
Example:
```js
import { Interpreter } from "eval5";

const ctx = {};
// ctx is the writable context; window is only consulted for lookups
const interpreter = new Interpreter(ctx, {
  rootContext: window,
  timeout: 1000,
});

interpreter.evaluate(`
a = 100;
console.log(a); // 100
`);

window.a; // undefined: the assignment landed on ctx, not on the read-only root
```
version
The current version of eval5.
global
Default: {}
Sets the default global scope used when an Interpreter is constructed without a context. Setting it to window gives every such interpreter the whole page global; prefer a context that holds only what the evaluated code needs.
```js
Interpreter.global = window;

// no context given, so Interpreter.global (window) is used
const interpreter = new Interpreter();
interpreter.evaluate('alert("hello eval5")');
```
globalContextInFunction
Default: undefined
eval5 does not support `use strict`. In non-strict JavaScript, `this` inside a function called without a receiver defaults to the global object; in eval5 it is `undefined`. Use `globalContextInFunction` to choose what it defaults to instead.
```js
import { Interpreter } from "eval5";

const ctx = {};
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
this; // ctx
function func(){
  return this; // undefined
}
func();
`);
```
```js
import { Interpreter } from "eval5";

Interpreter.globalContextInFunction = window;

const ctx = {};
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
this; // ctx
function func(){
  return this; // window
}
func();
`);
```
Why the default is `undefined` rather than the global scope, shown by example. Note that `alert` throws here:
```js
import { Interpreter } from "eval5";

Interpreter.globalContextInFunction = {};

const ctx = { alert: alert };
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
// throws TypeError: Illegal invocation
alert('Hello eval5'); // equivalent to alert.call({}, 'Hello eval5')
`);
```
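The two context rules documented above, the read-only `rootContext` lookup (from the `rootContext` example) and the receiver problem behind the `alert` failure, as an added illustration written for this page. It is not eval5's implementation; `makeScope`, `buildContext`, the stand-in root object and the Map-backed store are assumptions made for the example. `buildContext` is the pattern a practitioner wants in place of passing `window`: expose an allow-list of host members, binding functions to the host so that whatever `this` the interpreter supplies, the native receiver check still passes.

```javascript
// Added illustration, not eval5 source code.
//   makeScope    models the rootContext rule: reads fall through to a
//                read-only root, writes only ever land on the inner context.
//   buildContext builds an allow-listed context from a host object and binds
//                host functions, so a foreign `this` cannot trigger the
//                "Illegal invocation" style TypeError shown above.
// All names, the sample root and the store below are constructed for this example.

function makeScope(rootContext, ctx = {}) {
  return new Proxy(ctx, {
    has(target, key) {
      return key in target || (rootContext != null && key in rootContext);
    },
    get(target, key) {
      if (key in target) return target[key];
      if (rootContext != null && key in rootContext) return rootContext[key];
      return undefined;
    },
    set(target, key, value) {
      target[key] = value; // never written through to the root
      return true;
    },
  });
}

function buildContext(host, allowList) {
  const ctx = {};
  for (const name of allowList) {
    if (!(name in host)) {
      throw new Error(`buildContext: "${name}" is not available on the host`);
    }
    const value = host[name];
    // bind() pins the receiver: calling ctx[name] with any `this`, as an
    // interpreter may do, still reaches the real host object
    ctx[name] = typeof value === "function" ? value.bind(host) : value;
  }
  return ctx;
}

// --- rootContext model ------------------------------------------------------
const root = { hostVersion: "1.0" }; // constructed stand-in for window
const inner = {};
const scope = makeScope(root, inner);
scope.a = 100; // what `a = 100` inside the interpreter does

function scopeDemo() {
  return {
    a: scope.a,                     // 100
    hostVersion: scope.hostVersion, // "1.0", read through from the root
    inInner: inner.a,               // 100
    inRoot: root.a,                 // undefined: the root was not written
  };
}

// --- receiver problem and the bound allow-list -------------------------------
// Map methods, like DOM functions such as alert, check their receiver and
// throw a TypeError when invoked on a foreign object.
const store = new Map([["greeting", "Hello eval5"]]); // constructed sample data

function callUnbound() {
  // same shape as alert.call({}, ...) in the README: wrong receiver
  return store.get.call({}, "greeting");
}

function callBound() {
  const ctx = buildContext(store, ["get", "has"]);
  // an interpreter that invokes ctx.get with this = {} still succeeds
  return ctx.get.call({}, "greeting");
}

function throwsTypeError(fn) {
  try {
    fn();
    return false;
  } catch (e) {
    return e instanceof TypeError;
  }
}
```

In a real deployment the allow-listed object from `buildContext` is what you would hand to `new Interpreter(ctx)`; the `globalContextInFunction` setting then no longer matters for those host functions, because the receiver is fixed by `bind()` rather than by whatever `this` the interpreter chooses.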
constructor(context = Interpreter.global, options?: Options)
Creates an interpreter. Everything reachable from context is reachable from evaluated code, so pass window only when that is intended.
evaluate(code: string): any
Executes the given code string and returns the value of the last expression.
```js
import { Interpreter } from "eval5";

const interpreter = new Interpreter(window);
const result = interpreter.evaluate(`
var a = 100;
var b = 200;
a+b;
`);
console.log(result); // 300
```
appendCode(code: string): any
Alias of evaluate.
getExecutionTime(): number
Returns the execution time of the last evaluate call.
setExecTimeout(timeout: number = 0): void
Sets the execution timeout (0 = no limit).
getOptions(): Readonly<Options>
Returns the interpreter's options.
evaluate(code: string, context?: {}): any
Standalone function: executes the given code string and returns the value of the last expression.
Note: every call creates a new interpreter, so declarations do not persist between calls.
```js
import { evaluate } from "eval5";

// the second argument is the context; only console is exposed here
evaluate(
  `
var a = 100;
var b = 100;
console.log(a+b);
`,
  { console: console }
); // 200

// a new interpreter each call: nothing from the previous call is visible
evaluate(`
a;
`); // throws: a is not defined
```
Function
Creates a function from source, using Interpreter.global and Interpreter.globalContextInFunction as the defaults for a new interpreter.
```js
// note: this import shadows the built-in Function within this module
import { Function } from "eval5";

const func = new Function("a", "b", "return a+b;");
console.log(func(100, 200)); // 300
```
See also: vm
License: MIT
FAQs
A JavaScript interpreter written in JavaScript
The npm package eval5 receives a total of 742 weekly downloads. As such, eval5 popularity was classified as not popular.
We found that eval5 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.