
punyexpr

  • Dependencies: 0
  • Maintainers: 1
  • Versions: 5
  • Weekly downloads: 1.6K (increased by 44.63%)
  • Install size: 10.3 kB
punyexpr 🦴

MIT License

A minimalist (4955 bytes) expression compiler and evaluator.

Live demo

https://arnaudbuchholz.github.io/punyexpr/samples/calc.html

Usage

1. Include the punyexpr helper

<script src="https://cdn.jsdelivr.net/npm/punyexpr/dist/punyexpr.js"></script>

2. Compile an expression

const incValue = punyexpr('value + 1')

3. Evaluate the expression

incValue({ value: 1 }) // 2

Use with punybind@>=1.2.0

const safebind = punybind.use({
  compiler: punyexpr
})
// Use safebind to bind HTML

Implementation notes

  • Regular expressions are not secure and are not allowed by default

  • Leverage the option { regex: true } to enable regular expressions using the default JavaScript implementation:

const unsecure = punyexpr('value.match(/a+b/)', { regex: true })

  • Or plug any custom regular expression builder using { regex: (pattern, flags) => { /* */ } }:

const unsecure = punyexpr('value.match(/a+b/)', { regex: (pattern, flags) => new RegExp(pattern, flags) })

  • Check the source for the (altered and) implemented grammar; in particular, the following are not supported:
    • Bitwise, async and coalesce operations
    • new and this
    • Object literals
  • See the tests for supported expressions.
  • The implementation is compliant with Content Security Policy.
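
The custom builder option described above can carry a policy instead of passing every pattern straight to RegExp. The following is an added example, not code from punyexpr: guardedRegex, its limits and its heuristics are assumptions for illustration, and it assumes the builder receives the pattern and flags as strings.

```javascript
// Added example (not part of punyexpr): a restrictive builder for the
// { regex: (pattern, flags) => ... } option. All limits are assumed values.
const MAX_PATTERN_LENGTH = 64
// Assumed policy: only stateless flags; 'g' and 'y' are refused.
const ALLOWED_FLAGS = /^[imsu]*$/
// Heuristic: a quantified group that itself contains a quantifier,
// such as (a+)+ or (?:x*|y)*, a common source of heavy backtracking.
const NESTED_QUANTIFIER = /\([^()]*[+*}][^()]*\)[+*{]/
// Backreferences such as \1 or \k<name>.
const BACKREFERENCE = /\\(?:[1-9]|k<)/

function guardedRegex (pattern, flags = '') {
  if (typeof pattern !== 'string' || pattern.length > MAX_PATTERN_LENGTH) {
    throw new Error('regex rejected: pattern missing or too long')
  }
  if (typeof flags !== 'string' || !ALLOWED_FLAGS.test(flags)) {
    throw new Error('regex rejected: flag not allowed')
  }
  if (BACKREFERENCE.test(pattern)) {
    throw new Error('regex rejected: backreference')
  }
  if (NESTED_QUANTIFIER.test(pattern)) {
    throw new Error('regex rejected: nested quantifier')
  }
  // An invalid pattern still throws SyntaxError from RegExp itself.
  return new RegExp(pattern, flags)
}

// Usage, with punyexpr loaded as shown on this page:
//   const matcher = punyexpr('value.match(/a+b/)', { regex: guardedRegex })
//   matcher({ value: 'caab' })
```

The checks are conservative heuristics: they can refuse harmless patterns (an escaped \+ inside a group, for instance) and they do not prove that an accepted pattern runs in bounded time.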


Last updated on 24 Feb 2023
