The expr-eval npm package is a mathematical expression evaluator for JavaScript. It allows you to parse and evaluate mathematical expressions, define custom functions and variables, and perform various mathematical operations programmatically.
Basic Expression Evaluation
This feature allows you to evaluate basic mathematical expressions. The code sample demonstrates how to parse and evaluate a simple arithmetic expression.
const { Parser } = require('expr-eval');
const parser = new Parser();
const expr = parser.parse('2 + 3 * (7 - 5)');
console.log(expr.evaluate()); // Output: 8
Variable Support
This feature allows you to define and use variables within expressions. The code sample shows how to evaluate an expression with variables.
const { Parser } = require('expr-eval');
const parser = new Parser();
const expr = parser.parse('x * y + z');
const variables = { x: 2, y: 3, z: 4 };
console.log(expr.evaluate(variables)); // Output: 10
Custom Functions
This feature allows you to define custom functions that can be used within expressions. The code sample demonstrates how to create and use a custom function.
const { Parser } = require('expr-eval');
const parser = new Parser();
parser.functions.customFunc = function(a, b) { return a * b + 1; };
const expr = parser.parse('customFunc(2, 3)');
console.log(expr.evaluate()); // Output: 7
Logical and Comparison Operators
This feature supports logical and comparison operators within expressions. The code sample shows how to evaluate an expression with logical and comparison operators.
const { Parser } = require('expr-eval');
const parser = new Parser();
const expr = parser.parse('x > 5 and y < 10'); // expr-eval spells logical AND as "and"; it has no && operator
const variables = { x: 6, y: 8 };
console.log(expr.evaluate(variables)); // Output: true
Math.js is an extensive math library for JavaScript and Node.js. It provides a large set of built-in functions and constants, supports complex numbers, matrices, units, and more. Compared to expr-eval, math.js offers a broader range of mathematical functionalities and is more feature-rich.
Algebra.js is a library for working with algebraic structures in JavaScript. It allows you to create and manipulate algebraic expressions, solve equations, and perform other algebraic operations. While expr-eval focuses on evaluating expressions, algebra.js is more specialized in algebraic manipulations.
Nerdamer is a symbolic math library for JavaScript. It can perform symbolic computation, solve equations, and handle calculus operations. Compared to expr-eval, nerdamer is more focused on symbolic mathematics and provides advanced features for symbolic computation.
Parses and evaluates mathematical expressions. It's a safer and more math-oriented alternative to using JavaScript's eval function for mathematical expressions.
It has built-in support for common math operators and functions. Additionally, you can add your own JavaScript functions. Expressions can be evaluated directly, or compiled into native JavaScript functions.
npm install expr-eval
var Parser = require('expr-eval').Parser;
var parser = new Parser();
var expr = parser.parse('2 * x + 1');
console.log(expr.evaluate({ x: 3 })); // 7
// or
Parser.evaluate('6 * x', { x: 7 }) // 42
Parser is the main class in the library. It has a single parse method, and "static" methods for parsing and evaluating expressions.
Constructs a new Parser instance. The constructor takes an optional options parameter that allows you to enable or disable operators. For example, the following will create a Parser that does not allow comparison, logical, in or assignment operators (each option defaults to true, so only the operators you disable change):
var parser = new Parser({
operators: {
// These default to true, but are included to be explicit
add: true,
concatenate: true,
conditional: true,
divide: true,
factorial: true,
multiply: true,
power: true,
remainder: true,
subtract: true,
// Disable and, or, not, <, ==, !=, etc.
logical: false,
comparison: false,
// Disable 'in' and = operators
'in': false,
assignment: false
}
});
parse(expression) converts a mathematical expression into an Expression object. The static Parser.parse(expression) is equivalent to new Parser().parse(expression).
Parser.evaluate(expression, variables) parses and immediately evaluates an expression using the values and functions from the variables object. Parser.evaluate(expr, vars) is equivalent to calling Parser.parse(expr).evaluate(vars).
Parser.parse(str) returns an Expression object. Expressions are similar to JavaScript functions, i.e. they can be "called" with variables bound to passed-in values. In fact, they can even be converted into JavaScript functions.
evaluate(variables) evaluates the expression, with variables bound to the values in the variables object. Each variable in the expression is bound to the corresponding member of the variables object. If there are unbound variables, evaluate will throw an exception.
js> expr = Parser.parse("2 ^ x");
(2^x)
js> expr.evaluate({ x: 3 });
8
substitute(variable, expression) creates a new Expression with the specified variable replaced with another expression. This is similar to function composition. If expression is a string or number, it will be parsed into an Expression.
js> expr = Parser.parse("2 * x + 1");
((2*x)+1)
js> expr2 = expr.substitute("x", "4 * x");
((2*(4*x))+1)
js> expr2.evaluate({ x: 3 });
25
simplify(variables) simplifies constant sub-expressions and replaces variable references with literal values. This is basically a partial evaluation that does as much of the calculation as it can with the provided variables. Function calls are not evaluated (except the built-in operator functions), since they may not be deterministic.
Simplify is pretty simple. For example, it doesn't know that addition and multiplication are associative, so ((2*(4*x))+1) from the previous example cannot be simplified unless you provide a value for x. 2*4*x+1 can however, because it's parsed as (((2*4)*x)+1), so the (2*4) sub-expression will be replaced with "8", resulting in ((8*x)+1).
js> expr = Parser.parse("x * (y * atan(1))").simplify({ y: 4 });
(x*3.141592653589793)
js> expr.evaluate({ x: 2 });
6.283185307179586
Get an array of the unbound variables in the expression.
js> expr = Parser.parse("x * (y * atan(1))");
(x*(y*atan(1)))
js> expr.variables();
x,y
js> expr.simplify({ y: 4 }).variables();
x
By default, variables will return "top-level" objects, so for example, Parser.parse("x.y.z").variables() returns ['x']. If you want to get the whole chain of object members, you can call it with { withMembers: true }. So Parser.parse("x.y.z").variables({ withMembers: true }) would return ['x.y.z'].
Get an array of variables, including any built-in functions used in the expression.
js> expr = Parser.parse("min(x, y, z)");
(min(x, y, z))
js> expr.symbols();
min,x,y,z
js> expr.simplify({ y: 4, z: 5 }).symbols();
min,x
Like variables, symbols accepts an option argument { withMembers: true } to include object members.
toString() converts the expression to a string. toString() surrounds every sub-expression with parentheses (except literal values, variables, and function calls), so it's useful for debugging precedence errors.
toJSFunction(parameters, variables) converts an Expression object into a callable JavaScript function. parameters is an array of parameter names, or a string with the names separated by commas. If the optional variables argument is provided, the expression will be simplified with variables bound to the supplied values.
js> expr = Parser.parse("x + y + z");
((x + y) + z)
js> f = expr.toJSFunction("x,y,z");
[Function] // function (x, y, z) { return x + y + z; };
js> f(1, 2, 3)
6
js> f = expr.toJSFunction("y,z", { x: 100 });
[Function] // function (y, z) { return 100 + y + z; };
js> f(2, 3)
105
The parser accepts a pretty basic grammar. It's similar to normal JavaScript expressions, but is more math-oriented. For example, the ^ operator is exponentiation, not xor.
Operator | Associativity | Description |
---|---|---|
(...) | None | Grouping |
f(), x.y, a[i] | Left | Function call, property access, array indexing |
! | Left | Factorial |
^ | Right | Exponentiation |
+, -, not, sqrt, etc. | Right | Unary prefix operators (see below for the full list) |
*, /, % | Left | Multiplication, division, remainder |
+, -, || | Left | Addition, subtraction, array/list concatenation |
==, !=, >=, <=, >, <, in | Left | Equals, not equals, etc. "in" means "is the left operand included in the right array operand?" |
and | Left | Logical AND |
or | Left | Logical OR |
x ? y : z | Right | Ternary conditional (if x then y else z) |
= | Right | Variable assignment |
; | Left | Expression separator |
var parser = new Parser({
operators: {
'in': true,
'assignment': true
}
});
// Now parser supports 'x in array' and 'y = 2*x' expressions
The parser has several built-in "functions" that are actually unary operators. The primary difference between these and functions is that they can only accept exactly one argument, and parentheses are optional. With parentheses, they have the same precedence as function calls, but without parentheses, they keep their normal precedence (just below ^). For example, sin(x)^2 is equivalent to (sin x)^2, and sin x^2 is equivalent to sin(x^2).
The unary + and - operators are an exception, and always have their normal precedence.
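The precedence rules above, as an added example that is not expr-eval's own code: a small evaluator for a subset of the grammar (numbers, variables, + - * / % ^, grouping, and an allowlist of functions) that implements right-associative ^ and parenthesis-free prefix functions binding just below it. FUNCS, has, tokenize and evaluate are names of this example only; unlike the real evaluate(), which will call functions bound through the variables object, this one only ever calls the allowlist.

```javascript
// Allowlisted functions, resolved with hasOwnProperty so a name like "constructor" never reaches Object.prototype.
const FUNCS = { sqrt: Math.sqrt, sin: Math.sin, abs: Math.abs, min: Math.min, max: Math.max };
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);
function tokenize(src) {
  const toks = src.match(/\d+(?:\.\d+)?|[A-Za-z_]\w*|[-+*/%^(),]/g) || [];
  if (toks.join('') !== src.replace(/\s+/g, '')) throw new Error('unsupported character in: ' + src);
  return toks;
}
// Evaluate `src` with `vars` bound: unbound names throw (as expr-eval's evaluate() does) and calls resolve against FUNCS only, so nothing in `vars` is ever invoked.
function evaluate(src, vars = {}) {
  const t = tokenize(src); let i = 0;
  const peek = () => t[i], next = () => t[i++], isName = (s) => /^[A-Za-z_]/.test(s || '');
  const expect = (s) => { if (next() !== s) throw new Error('expected ' + s); };
  const additive = () => {
    let v = multiplicative();
    while (peek() === '+' || peek() === '-') v = next() === '+' ? v + multiplicative() : v - multiplicative();
    return v;
  };
  const multiplicative = () => {
    let v = unary();
    for (let op = peek(); op === '*' || op === '/' || op === '%'; op = peek()) {
      next(); const r = unary(); v = op === '*' ? v * r : op === '/' ? v / r : v % r;
    }
    return v;
  };
  // Prefix minus and parenthesis-free prefix functions sit just below '^' in the table:
  // "sin x^2" is sin(x^2) and "-x^2" is -(x^2), while "sin(x)^2" is a call raised to 2.
  const unary = () => {
    if (peek() === '-') { next(); return -unary(); }
    if (has(FUNCS, peek()) && t[i + 1] !== '(') return FUNCS[next()](unary());
    return power();
  };
  // '^' is right-associative ("2^3^2" is 2^(3^2)); its exponent may carry its own sign.
  const power = () => { const b = atom(); if (peek() !== '^') return b; next(); return b ** unary(); };
  const atom = () => {
    const tok = next();
    if (tok === '(') { const v = additive(); expect(')'); return v; }
    if (/^\d/.test(tok)) return Number(tok);
    if (!isName(tok)) throw new Error('unexpected token ' + tok);
    if (peek() !== '(') { if (has(vars, tok)) return vars[tok]; throw new Error('unbound variable ' + tok); }
    next(); const args = [];
    if (peek() !== ')') { args.push(additive()); while (peek() === ',') { next(); args.push(additive()); } }
    expect(')');
    if (!has(FUNCS, tok)) throw new Error('unknown function ' + tok);
    return FUNCS[tok](...args);
  };
  const v = additive();
  if (i !== t.length) throw new Error('trailing input: ' + t.slice(i).join(' '));
  return v;
}
```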
Operator | Description |
---|---|
-x | Negation |
+x | Unary plus. This converts its operand to a number, but has no other effect. |
x! | Factorial (x * (x-1) * (x-2) * … * 2 * 1). gamma(x + 1) for non-integers. |
abs x | Absolute value (magnitude) of x |
acos x | Arc cosine of x (in radians) |
acosh x | Hyperbolic arc cosine of x (in radians) |
asin x | Arc sine of x (in radians) |
asinh x | Hyperbolic arc sine of x (in radians) |
atan x | Arc tangent of x (in radians) |
atanh x | Hyperbolic arc tangent of x (in radians) |
cbrt x | Cube root of x |
ceil x | Ceiling of x — the smallest integer that’s >= x |
cos x | Cosine of x (x is in radians) |
cosh x | Hyperbolic cosine of x (x is in radians) |
exp x | e^x (exponential/antilogarithm function with base e) |
expm1 x | e^x - 1 |
floor x | Floor of x — the largest integer that’s <= x |
length x | String length of x |
ln x | Natural logarithm of x |
log x | Natural logarithm of x (synonym for ln, not base-10) |
log10 x | Base-10 logarithm of x |
log2 x | Base-2 logarithm of x |
log1p x | Natural logarithm of (1 + x) |
not x | Logical NOT operator |
round x | x, rounded to the nearest integer, using "grade-school rounding" |
sign x | Sign of x (-1, 0, or 1 for negative, zero, or positive respectively) |
sin x | Sine of x (x is in radians) |
sinh x | Hyperbolic sine of x (x is in radians) |
sqrt x | Square root of x. Result is NaN (Not a Number) if x is negative. |
tan x | Tangent of x (x is in radians) |
tanh x | Hyperbolic tangent of x (x is in radians) |
trunc x | Integral part of x: rounds toward zero, so it equals floor(x) for positive x and ceil(x) for negative x |
Besides the "operator" functions, there are several pre-defined functions. You can provide your own, by binding variables to normal JavaScript functions. These are not evaluated by simplify.
Function | Description |
---|---|
random(n) | Get a random number in the range [0, n). If n is zero, or not provided, it defaults to 1. |
fac(n) | n! (factorial of n: "n * (n-1) * (n-2) * … * 2 * 1") Deprecated. Use the ! operator instead. |
min(a,b,…) | Get the smallest (minimum) number in the list. |
max(a,b,…) | Get the largest (maximum) number in the list. |
hypot(a,b) | Hypotenuse, i.e. the square root of the sum of squares of its arguments. |
pyt(a, b) | Alias for hypot. |
pow(x, y) | Equivalent to x^y. For consistency with JavaScript's Math object. |
atan2(y, x) | Arc tangent of y/x, i.e. the angle between (0, 0) and (x, y) in radians. |
roundTo(x, n) | Rounds x to n places after the decimal point. |
map(f, a) | Array map: Pass each element of a to the function f, and return an array of the results. |
fold(f, y, a) | Array fold: Fold/reduce array a into a single value, y, by setting y = f(y, x, index) for each element x of the array. |
filter(f, a) | Array filter: Return an array containing only the values from a where f(x, index) is true. |
indexOf(x, a) | Return the first index of string or array a matching the value x, or -1 if not found. |
join(sep, a) | Concatenate the elements of a, separated by sep. |
if(c, a, b) | Function form of c ? a : b. Note: This always evaluates both a and b, regardless of whether c is true or not. Use c ? a : b instead if there are side effects, or if evaluating the branches could be expensive. |
Arrays can be created by including the elements inside square [] brackets, separated by commas. For example:
[ 1, 2, 3, 2+2, 10/2, 3! ]
You can define functions using the syntax name(params) = expression. When it's evaluated, the name will be added to the passed-in scope as a function. You can call it later in the expression, or make it available to other expressions by re-using the same scope object. Functions can support multiple parameters, separated by commas.
Examples:
square(x) = x*x
add(a, b) = a + b
factorial(x) = x < 2 ? 1 : x * factorial(x - 1)
If you need additional functions that aren't supported out of the box, you can easily add them in your own code. Instances of the Parser class have a property called functions that's simply an object with all the functions that are in scope. You can add, replace, or delete any of the properties to customize what's available in the expressions. For example:
var parser = new Parser();
// Add a new function
parser.functions.customAddFunction = function (arg1, arg2) {
return arg1 + arg2;
};
// Remove the factorial function
delete parser.functions.fac;
parser.evaluate('customAddFunction(2, 4) == 6'); // true
//parser.evaluate('fac(3)'); // This will fail
The parser also includes a number of pre-defined constants that can be used in expressions. These are shown in the table below:
Constant | Description |
---|---|
E | The value of Math.E from your JavaScript runtime |
PI | The value of Math.PI from your JavaScript runtime |
true | Logical true value |
false | Logical false value |
Pre-defined constants are stored in parser.consts. You can make changes to this property to customise the constants available to your expressions. For example:
var parser = new Parser();
parser.consts.R = 1.234;
console.log(parser.parse('A+B/R').toString()); // (A + (B / 1.234)) -- R is replaced at parse time; division binds tighter than addition
To disable the pre-defined constants, you can replace or delete parser.consts:
var parser = new Parser();
parser.consts = {};
To run the tests, cd to the project directory, then run npm install and npm test.
[2.0.2] - 2019-09-28: import { Parser } from 'expr-eval' now works in TypeScript. The default export is still available for backward compatibility.
FAQs
Mathematical expression evaluator
The npm package expr-eval receives a total of 419,961 weekly downloads. As such, expr-eval popularity was classified as popular.
We found that expr-eval demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.