static-eval

What is static-eval?

The static-eval npm package is used to evaluate simple expressions at compile time or in a static context. It takes an abstract syntax tree (AST) and an optional set of variables and computes the static value of the expression.

What are static-eval's main functionalities?

Evaluate arithmetic expressions

This feature allows the evaluation of arithmetic expressions. The code sample demonstrates how to parse a mathematical expression into an AST and then evaluate it using static-eval.

const evaluate = require('static-eval');
const parse = require('esprima').parse;
const src = '(1 + 2) * (3 + 4)';
const ast = parse(src).body[0].expression;
const result = evaluate(ast);
console.log(result); // Outputs: 21

Evaluate expressions with variables

This feature allows the evaluation of expressions that include variables. The code sample shows how to provide a set of variables to the evaluation context.

const evaluate = require('static-eval');
const parse = require('esprima').parse;
const src = 'a * b + c';
const ast = parse(src).body[0].expression;
const vars = { a: 10, b: 2, c: 5 };
const result = evaluate(ast, vars);
console.log(result); // Outputs: 25

Evaluate boolean expressions

This feature allows the evaluation of boolean expressions. The code sample illustrates evaluating a boolean expression with variables.

const evaluate = require('static-eval');
const parse = require('esprima').parse;
const src = 'x > 5 && y < 10';
const ast = parse(src).body[0].expression;
const vars = { x: 6, y: 9 };
const result = evaluate(ast, vars);
console.log(result); // Outputs: true

Other packages similar to static-eval

safe-eval

safe-eval is a package that also evaluates code in a sandboxed environment, providing a safer alternative to the native eval() function. It is similar to static-eval but focuses on safety by creating a separate context for code execution.

vm2

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. It is more feature-rich and secure compared to static-eval, offering fine-grained control over sandboxed code execution.

mathjs

mathjs is an extensive math library for JavaScript and Node.js, which can parse and evaluate mathematical expressions. It is more specialized for mathematical operations and includes a wider range of functions and constants compared to static-eval.

README

static-eval

evaluate statically-analyzable expressions

security

static-eval is like eval. It is intended for use in build scripts and code transformations, doing some evaluation at build time—it is NOT suitable for handling arbitrary untrusted user input. Malicious user input can execute arbitrary code.

example

var evaluate = require('static-eval');
var parse = require('esprima').parse;

var src = process.argv[2];
var ast = parse(src).body[0].expression;

console.log(evaluate(ast));

If you stick to simple expressions, the result is statically analyzable:

$ node '7*8+9'
65
$ node eval.js '[1,2,3+4*5-(5*11)]'
[ 1, 2, -32 ]

but if you use statements, undeclared identifiers, or syntax, the result is no longer statically analyzable and evaluate() returns undefined:

$ node eval.js '1+2+3*n'
undefined
$ node eval.js 'x=5; x*2'
undefined
$ node eval.js '5-4*3'
-7

You can also declare variables and functions to use in the static evaluation:

var evaluate = require('static-eval');
var parse = require('esprima').parse;

var src = '[1,2,3+4*10+n,foo(3+5),obj[""+"x"].y]';
var ast = parse(src).body[0].expression;

console.log(evaluate(ast, {
    n: 6,
    foo: function (x) { return x * 100 },
    obj: { x: { y: 555 } }
}));

methods

var evaluate = require('static-eval');

evaluate(ast, vars={})

Evaluate the esprima-parsed abstract syntax tree object ast with an optional collection of variables vars to use in the static expression resolution.

If the expression contained in ast can't be statically resolved, evaluate() returns undefined.

install

With npm do:

npm install static-eval

license

MIT