Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
promptflow-eval
Advanced tools
Readme
中文 | English
基于 TypeScript 编写的 JavaScript 解释器,支持完整 ES5 语法
支持浏览器、node.js、小程序等 JavaScript 运行环境
eval
Function
的 JavaScript 运行环境:如 微信小程序 demo we-script taro-scriptES5
npm install --save eval5
import { Interpreter } from "eval5";
const interpreter = new Interpreter(window, {
timeout: 1000,
});
let result;
try {
result = interpreter.evaluate("1+1");
console.log(result);
interpreter.evaluate("var a=100");
interpreter.evaluate("var b=200");
result = interpreter.evaluate("a+b");
console.log(result);
} catch (e) {
console.log(e);
}
interface Options {
// 默认为:0,不限制
timeout?: number;
// 根作用域,只读
rootContext?: {} | null;
globalContextInFunction?: any;
}
示例
import { Interpreter } from "eval5";
const ctx = {};
const interpreter = new Interpreter(ctx, {
rootContext: window,
timeout: 1000,
});
interpreter.evaluate(`
a = 100;
console.log(a); // 100
`);
window.a;//undefined
version
当前版本
global
默认值: {}
设置默认的全局作用域
Interpreter.global = window;
const interpreter = new Interpreter();
interpreter.evaluate('alert("hello eval5")');
globalContextInFunction
默认值: undefined
eval5
不支持 use strict
严格模式, 在非严格下的函数中this
默认指向的是全局作用域,但在eval5
中是undefined
, 可通过globalContextInFunction
来设置默认指向。
import { Interpreter } from "Interpreter";
const ctx = {};
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
this; // ctx
function func(){
return this; // undefined
}
func();
`);
import { Interpreter } from "Interpreter";
Interpreter.globalContextInFunction = window;
const ctx = {};
const interpreter = new Interpreter({});
interpreter.evaluate(`
this; // ctx
function func(){
return this; // window
}
func();
`);
原因,示例代码:
注意: alert异常
import { Interpreter } from "Interpreter";
Interpreter.globalContextInFunction = {};
const ctx = {alert: alert};
const interpreter = new Interpreter(ctx);
interpreter.evaluate(`
// throw Illegal invocation
alert('Hello eval5'); // 同 alert.call({}, 'Hello eval5')
`);
constructor(context = Interpreter.global, options?: Options )
构造函数
evaluate(code: string): any
执行给定的字符串代码,并返回最后一个表达式的值
import { Interpreter } from "Interpreter";
const interpreter = new Interpreter(window);
const result = interpreter.evaluate(`
var a = 100;
var b = 200;
a+b;
`);
console.log(result); // 300
appendCode(code: string): any
evaluate
的别名
getExecutionTime(): number
获取上一次调用evaluate
的执行时长
setExecTimeout(timeout: number = 0): void
设置执行时长
getOptions(): Readonly<Options>
获取解释器参数
执行给定的字符串代码,并返回最后一个表达式的值
注: 该函数每次执行都会创建一个新的解释器
import { evaluate } from "eval5";
evaluate(
`
var a = 100;
var b = 100;
console.log(a+b);
`,
{ console: console }
); // 200
evaluate(`
a;
`); // a is not defined
该函数会将Interpreter.global
Interpreter.globalContextInFunction
当作默认值并创建新的解释器
import { Function } from "eval5";
const func = new Function("a", "b", "return a+b;");
console.log(func(100, 200)); // 300
查看 vm
MIT
FAQs
A JavaScript interpreter written in JavaScript
The npm package promptflow-eval receives a total of 0 weekly downloads. As such, promptflow-eval popularity was classified as not popular.
We found that promptflow-eval demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.