run-script
Readme
Dead simple script string to function execution with arguments, context and error catching.
Please note: this is a simple wrapper for creating new dynamic functions, similar to eval, which has performance and security issues. You may have heard "eval is evil", and while eval and new Function() can be harmful, they exist for a reason.
To read up on this, check out new Function() and eval().
Some circumstances where invoking scripts is a good thing:
cmd+space Spotlight search tool (for adding, subtracting etc. for example)
However, please refrain from using eval(), new Function or this run-script needlessly. If you want to convert to/from JSON, consider using JSON.parse and JSON.stringify instead. The same goes for any kind of serializing.
import runScript from 'run-script';
/*
runScript(
script = 'string',
arguments = {object}, (OPTIONAL) - arguments to be passed to the function, key/value object
context = {object}, (OPTIONAL) - what to put as `this`
);
*/
// Each call gets its own binding; redeclaring one const in the same scope is a SyntaxError.
const plain = runScript('return true;');
// plain = true
const withArgs = runScript('return prop;', { prop: 'test' });
// withArgs = 'test'
const withContext = runScript('return this.prop;', {}, { prop: 'context' });
// withContext = 'context'
By default, errors are caught and returned as { error: <err> }, like this:
import runScript from 'run-script';
const result = runScript('this will produce a syntax error');
if (result.error) {
  console.log(`Whoops! ${result.error.name} has occurred!`);
  // Will say 'Whoops! SyntaxError has occurred!'
}
This exposes the runScript as module.exports (CommonJS-syntax), so it should work fine with anything that can handle CommonJS-syntax, such as webpack, rollup, transpilers and native NodeJS code. If you have any problem with it or if you would like it exposed in another way, please do not hesitate to open a ticket or pull request.
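The advice above to prefer JSON.parse over evaluation for serialized data, shown as an added example that is not part of the original README or the package's code. runScriptSketch is a hypothetical stand-in built on new Function() as the README describes, and both input strings are constructed.

```javascript
// Hypothetical stand-in for the wrapper described in this README
// (NOT the run-script package's source): new Function() with named
// arguments, a `this` context, and errors returned as { error }.
function runScriptSketch(script, args = {}, context = undefined) {
  try {
    const fn = new Function(...Object.keys(args), script);
    return fn.apply(context, Object.values(args));
  } catch (error) {
    return { error };
  }
}

// Deserializing by evaluation: every expression in the input is executed.
function parseByEval(text) {
  return runScriptSketch(`return (${text});`);
}

// Deserializing as data: JSON.parse accepts JSON only and throws otherwise.
function parseAsData(text) {
  try {
    return { value: JSON.parse(text) };
  } catch (error) {
    return { error };
  }
}

// Constructed sample inputs.
const benign = '{"user": "alice", "admin": false}';
// Looks like a config object, but one value is an expression that writes
// to global state. Arguments and context do not limit what a script can reach.
const tampered = '{"user": "bob", "admin": (globalThis.__touched = true)}';

function compare(text) {
  delete globalThis.__touched;
  const viaEval = parseByEval(text);
  const evalSideEffect = globalThis.__touched === true;
  delete globalThis.__touched;
  const viaJson = parseAsData(text);
  const jsonSideEffect = globalThis.__touched === true;
  delete globalThis.__touched;
  return { viaEval, evalSideEffect, viaJson, jsonSideEffect };
}

console.log(compare(benign));
console.log(compare(tampered));
```

For the tampered input, the evaluated path returns an object with admin set to true and leaves a global side effect, while the JSON.parse path returns a SyntaxError and touches nothing.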
FAQs
The npm package run-script receives a total of 526 weekly downloads. As such, run-script's popularity was classified as not popular.
We found that run-script demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.