Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
run-script
Dead simple script string to function execution with arguments, context and error catching.
run-script
Dead simple script string to function execution with arguments, context and error catching.
Please note: this is a simple wrapper for creating new dynamic functions, similar to eval, which has performance and security issues. You may have heard "eval is evil", and while eval and new Function() can be harmful, it exists for a reason.
To read up on this, check out new Function() and eval().
Some circumstances when invoking scripts is a good thing:
- Hot-loading mechanisms (although you might prefer swapping script[new Function()-elements when using a browser)
- "Playgrounds" such as CodePen, JSFiddle or JSBin
- Creating interactive coding tutorials
- Mimicing quick-search bars such as the Mac
cmd+spaceSpotlight search tool (for adding, subtracting etc for example)
However, please refrain from using eval(), new Function or this run-script needlessly, if you want to convert to/from JSON, consider using JSON.parse and JSON.stringify instead. Same goes for any kind of serializing.
Usage
import runScript from 'run-script';
/*
runScript(
script = 'string',
arguments = {object}, (OPTIONAL) - arguments to be passed to the function, key/value object
context = {object}, (OPTIONAL) - what to put as `this`
);
*/
const result = runScript('return true;');
// result = true
const result = runScript('return prop;', { prop: 'test' });
// result = 'test'
const result = runScript('return this.prop;', {}, { prop: 'context' });
// result = 'context'
Error handling
By default errors are catched and returned as { error: <err> }, like this:
import runScript from 'run-script';
const result = runScript('this will produce a syntax error');
if (result.error) {
console.log(`Whoops! ${result.error.name} has occured!`);
// Will say 'Whoops! SyntaxError has occured!'
}
Use with?
This exposes the runScript as module.exports (CommonJS-syntax), so it should work fine with anything that can handle CommonJS-syntax, such as webpack, rollup, transpilers and native NodeJS code. If you have any problem with it or if you would like it exposed in another way, please do not hesitate to open a ticket or pull request.
FAQs
Dead simple script string to function execution with arguments, context and error catching.
The npm package run-script receives a total of 208 weekly downloads. As such, run-script popularity was classified as not popular.
We found that run-script demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 Oct 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025