filtrex

What is filtrex?

Filtrex is a simple, safe, JavaScript expression engine for end-user programming. It allows you to evaluate expressions in a safe and controlled manner, making it useful for filtering, sorting, and evaluating data based on user-defined criteria.

What are filtrex's main functionalities?

Basic Expression Evaluation

Filtrex can evaluate basic mathematical expressions. In this example, it evaluates the expression '2 + 2' and returns the result.

const filtrex = require('filtrex');
const expression = filtrex('2 + 2');
console.log(expression()); // Outputs: 4

Filtering Data

Filtrex can be used to filter data based on user-defined criteria. In this example, it filters an array of objects to include only those where the age is greater than 28.

const filtrex = require('filtrex');
const data = [{name: 'Alice', age: 30}, {name: 'Bob', age: 25}];
const filter = filtrex('age > 28');
const filteredData = data.filter(filter);
console.log(filteredData); // Outputs: [{name: 'Alice', age: 30}]

Custom Functions

Filtrex allows you to define custom functions that can be used in expressions. In this example, a custom function 'isEven' is defined to check if a number is even, and it is used to filter the data.

const filtrex = require('filtrex');
const customFunctions = { isEven: (x) => x % 2 === 0 };
const expression = filtrex('isEven(age)', customFunctions);
const data = [{name: 'Alice', age: 30}, {name: 'Bob', age: 25}];
const filteredData = data.filter(expression);
console.log(filteredData); // Outputs: [{name: 'Alice', age: 30}]

Other packages similar to filtrex

jexl

Jexl (JavaScript Expression Language) is a library for parsing and evaluating complex expressions. It supports advanced features like custom functions, operators, and transforms. Compared to Filtrex, Jexl offers more flexibility and power for complex expression evaluation.

expr-eval

Expr-eval is a small, fast JavaScript expression parser and evaluator. It supports basic mathematical operations, functions, and variables. While it is similar to Filtrex in terms of basic functionality, expr-eval is more focused on mathematical expressions and less on filtering data.

mathjs

Math.js is an extensive math library for JavaScript and Node.js. It provides a flexible expression parser and supports a wide range of mathematical functions and operations. Math.js is more comprehensive than Filtrex, offering advanced mathematical capabilities beyond simple expression evaluation.

README

Filtrex

⚠️ UPGRADING TO v3 ⚠️: If you're using Filtrex v2 and want to upgrade to the new version, check the changelog and this issue. If you need help with the migration, feel free to open an issue.

A simple, safe, JavaScript expression engine, allowing end-users to enter arbitrary expressions without p0wning you.

category == "meal" and (calories * weight > 2000.0 or subcategory in ("cake", "pie"))

Get it

Filtrex is available as an NPM package via pnpm add filtrex or npm install filtrex:

import { compileExpression } from "filtrex";
const f = compileExpression(`category == "meal"`);

You can also get the bundled versions from ./dist/.

Why?

There are many cases where you want a user to be able enter an arbitrary expression through a user interface. e.g.

• Plot a chart (example)
• Filter/searching across items using multiple fields (example)
• Colorize items based on values (example)
• Implement a browser based spreadsheet

Sure, you could do that with JavaScript and eval(), but I'm sure I don't have to tell you how stupid that would be.

Filtrex defines a really simple expression language that should be familiar to anyone who's ever used a spreadsheet, and compiles it into a JavaScript function at runtime.

Features

• Simple! End user expression language looks like this transactions <= 5 and abs(profit) > 20.5
• Fast! Expressions get compiled into JavaScript functions, offering the same performance as if it had been hand coded. e.g. function(item) { return item.transactions <=5 && Math.abs(item.profit) > 20.5; }
• Safe! You as the developer have control of which data can be accessed and the functions that can be called. Expressions cannot escape the sandbox.
• Pluggable! Add your own data and functions.
• Predictable! Because users can't define loops or recursive functions, you know you won't be left hanging.

10 second tutorial

import { compileExpression } from "filtrex";

// Input from the user (eg. search filter)
const expression = `transactions <= 5 and abs(profit) > 20.5`;

// Compile the expression to an executable function
const myfilter = compileExpression(expression);

// Execute the function on real data
myfilter({ transactions: 3, profit: -40.5 }); // → true
myfilter({ transactions: 3, profit: -14.5 }); // → false

→ Try it!

Under the hood, the above expression gets compiled to a clean and fast JavaScript function, looking something like this:

(item) => item.transactions <= 5 && Math.abs(item.profit) > 20.5;

Expressions

There are 5 types in Filtrex: numbers, strings, booleans and arrays & objects of these. Numbers may be floating point or integers. The properties of an object can be accessed using the of operator. Types don't get automatically converted: 1 + true isn't two, but an error.

Values	Description
43, -1.234	Numbers
"hello"	String
" \" \\ "	Escaping of double-quotes and blackslash in string
foo, a.b.c, 'foo-bar'	External data variable defined by application

BEWARE! Strings must be double-quoted! Single quotes are for external variables. Also, a.b.c doesn't mean data.a.b.c, it means data['a.b.c'].

Numeric arithmetic	Description
x + y	Add
x - y	Subtract
x * y	Multiply
x / y	Divide
x ^ y	Power
x mod y	Modulo

BEWARE! Modulo always returns a positive number: -1 mod 3 == 2.

Comparisons	Description
x == y	Equals
x != y	Does not equal
x < y	Less than
x <= y	Less than or equal to
x > y	Greater than
x >= y	Greater than or equal to
x == y <= z	Chained relation, equivalent to (x == y and y <= z)
x ~= y	Regular expression match
x in (a, b, c)	Equivalent to (x == a or x == b or x == c)
x not in (a, b, c)	Equivalent to (x != a and x != b and x != c)

Boolean logic	Description
x or y	Boolean or
x and y	Boolean and
not x	Boolean not
if x then y else z	If boolean x is true, return value y, else return z
( x )	Explicity operator precedence

Objects and arrays	Description
(a, b, c)	Array
a in b	Array a is a subset of array b
x of y	Property x of object y

Built-in functions	Description
abs(x)	Absolute value
ceil(x)	Round a fractional number to the nearest greater integer
empty(x)	True if x is undefined, null, an empty array or an empty string
exists(x)	True unless x is undefined or null
floor(x)	Round a fractional number to the nearest lesser integer
log(x)	Natural logarithm
log2(x)	Logarithm base two
log10(x)	Logarithm base ten
max(a, b, c...)	Max value (variable length of args)
min(a, b, c...)	Min value (variable length of args)
round(x)	Round a fractional number to the nearest integer
sqrt(x)	Square root

Errors

Filtrex may throw during the compilation of an expression (for example if it's malformed, or when you supply invalid options). However, it will never throw during the execution of an expression – instead it will return the corresponding error. It is intentional: this way you don't have to be too cautious when executing user-defined filters even in critical code.

Error type	Meaning
UnknownOptionError	You specified an option which was not recognized by Filtrex. Double-check your spelling and the version of Filtrex you are using.
UnexpectedTypeError	The user passed a different type than the one accepted by the function or operator.
UnknownFunctionError	The user attempted to call a function which is not a predefined function, nor specified in options.extraFunctions.
UnknownPropertyError	The user attempted to access a property which is not present in the data object, nor in the constants. If the property is meant to be empty, use undefined or null as its value. If you need to use optional properties in your data, define a customProp function.
Error	A general error, typically thrown by Jison when parsing a malformed expression.

To achieve a good UX, it is recommended to continually validate the user's expression and let them know whether it's well-formed. To achieve this, you can try to build their expression and evaluate it on sample data every few milliseconds – if it either throws or returns an error, display that error to them.

Many errors have a unique I18N_STRING to help you translate the message to the user's preferred language. Check errors.mjs for more info.

Custom functions and constants

When integrating Filtrex into your application, you can add your own custom functions.

// Custom function: Return string length.
function strlen(s) {
  return s.length;
}

let options = {
  extraFunctions: { strlen },
};

// Compile expression to executable function
let myfilter = compileExpression("strlen(firstname) > 5", options);

myfilter({ firstname: "Joe" }); // → false
myfilter({ firstname: "Joseph" }); // → true

→ Try it!

You can also add custom constants. This is useful when you want to let the user use a constant value without modifying all the data. If you specify a constant whose name also exists in your data, the constant will have precedence. However, constants cannot be accessed using single-quoted symbols.

const options = {
  constants: { pi: Math.PI },
};
const fn = compileExpression(`2 * pi * radius`, options);

fn({ radius: 1 / 2 });
// → Math.PI

→ Try it!

const options = { constants: { a: "a_const " } };
const data = { a: "a_data ", b: "b_data " };

// single-quotes give access to data
const expr = `'a' + a + 'b' + b`;

compileExpression(expr, options)(data);
// → "a_data a_const b_data b_data"

→ Try it!

Custom operator implementations

Filtrex has many built-in operators: +, -, *, /, ^, mod, ==, !=, <, <=, >=, >, ~= and each of them has a well-defined behavior. However, if you want to change anything about them, you are free to. You can override one or more operators using the options.operators setting.

import { compileExpression } from "filtrex";
import { add, subtract, unaryMinus, matrix } from "mathjs";

const options = {
  operators: {
    "+": add,
    "-": (a, b) => (b == undefined ? unaryMinus(a) : subtract(a, b)),
  },
};

const data = { a: matrix([1, 2, 3]), b: matrix([-1, 0, 1]) };

compileExpression(`-a + b`, options)(data);
// → matrix([-2, -2, -2])

→ Try it!

Custom property function

If you want to do even more magic with Filtrex, you can supply a custom function that will resolve the identifiers used in expressions and assign them a value yourself. This is called a property function and has the following signature:

function propFunction(
  propertyName: string, // name of the property being accessed
  get: (name: string) => obj[name], // safe getter that retrieves the property from obj
  obj: any, // the object passed to compiled expression
  type: "unescaped" | "single-quoted", // whether the symbol was unquoted or enclosed in single quotes
);

For example, this can be useful when you're filtering based on whether a string contains some words or not:

function containsWord(string, word) {
  // your optimized code
}

let options = {
  customProp: (word, _, string) => containsWord(string, word),
};

let myfilter = compileExpression("Bob and Alice or Cecil", options);

myfilter("Bob is boring"); // → false
myfilter("Bob met Alice"); // → true
myfilter("Cecil is cool"); // → true

→ Try it!

Safety note: The get function returns undefined for properties that are defined on the object's prototype, not on the object itself. This is important, because otherwise the user could access things like toString.constructor and maybe do some nasty things with it. Bear this in mind if you decide not to use get and access the properties yourself.

FAQ

Why the name?

Because you can use it to make filtering expressions – expressions that filter data.

What's Jison?

Jison is bundled with Filtrex – it's a JavaScript parser generator that does the underlying hard work of understanding the expression. It's based on Flex and Bison.

License?

MIT

Unit tests?

Here: Source

What happens if the expression is malformed?

Calling compileExpression() with a malformed expression will throw an exception. You can catch that and display feedback to the user. A good UI pattern is to attempt to compile on each change (properly debounced, of course) and continuously indicate whether the expression is valid. On the other hand, once the expression is successfully compiled, it will never throw – this is to prevent the user from making your program fail when you expect it the least – a compiled expression that fails at runtime will return an error.

Strings don't work! I can't access a property!

Strings in Filtrex are always double-quoted, like this: "hello", never single-quoted. Symbols (ie. data accessors, or variables) can be unquoted or single-quoted, for example: foo, 'foo-bar', foo.bar. However, the dot there doesn't mean a property accessor – it's just a symbol named literally "foo.bar".

Can I use dots as property accessors?

Yes, you can – using a custom prop function! Since this request is a common one, we even ship the required function with Filtrex – it's called useDotAccessOperator. It is enough to do the following:

import { compileExpression, useDotAccessOperator } from "filtrex";

const expr = "foo.bar";
const fn = compileExpression(expr, {
  customProp: useDotAccessOperator,
});

fn({ foo: { bar: 42 } }); // → 42

Can I get rid of the UnknownPropertyError?

If you want to return undefined instead of an error when the user accesses an undefined field, you can use the useOptionalChaining property function. And if you want to combine it with dots as access operators, use the useDotAccessOperatorAndOptionalChaining prop function.

Contributors

• @joewalnes Joe Walnes – the original author of this repository
• @cshaa Michal Grňo – maintainer of the NPM package and the current main developer
• @msantos Michael Santos – quoted symbols, regex matches and numerous fixes
• @bradparks Brad Parks – extensible prop function
• @arendjr Arend van Beelen jr. – quote escaping in string literals
• @alexgorbatchev Alex Gorbatchev – the original maintainer of the NPM package

Changelog

3.1.0

• Change links to github.com/m93a to github.com/cshaa (#62)
• Quality of life improvements in the codebase
  • Migrate from yarn to pnpm
  • Update dependencies
  • Format everything using prettier