
un_eval is a function that converts an Object to its source.

You may use un_eval in node or browser like this:

```js
un_eval(yourObject)
```

un_eval supports the following types:
Type | Support |
---|---|
null | (Yes) |
undefined | (Yes) |
number | (Yes) |
string | (Yes) |
boolean | (Yes) |
Number | (Yes) |
String | (Yes) |
Boolean | (Yes) |
Date | (Yes) |
RegExp | (Yes) |
function | (Yes)[1] |
Array | (Yes) |
Object | (Yes)[2][3] |
Notes:
({}) or [] will be generated if any circular reference is found.

```js
un_eval(3); // '3'
un_eval(Math.PI); // '3.141592653589793'
un_eval('hello'); // '"hello"'
un_eval(Object(false)); // 'new Boolean(false)'
un_eval(function (x) { return x + 1; }); // '(function (x) { return x + 1; })'
un_eval(/regexp/ig); // '/regexp/gi'
un_eval(new Date(978307200000)); // '(new Date(978307200000))'
un_eval([1,2,3]); // '[1, 2, 3]'
un_eval({x: 2, y: 3}); // '({"x":2, "y":3})'

// Shared (non-circular) references are written out once per occurrence
var obj1 = {};
obj1.x = obj1.y = { value: 3 };
un_eval(obj1); // '({"y":({"value":3}), "x":({"value":3})})'

// Circular references are cut off with ({})
var obj2 = {};
obj2.x = {};
obj2.y = {};
obj2.x.y = obj2.y;
obj2.y.x = obj2.x;
un_eval(obj2); // '({"x":({"y":({"x":({})})}), "y":({"x":({"y":({})})})})'
```
un_eval is designed to be similar to uneval but works cross browser.
un_eval is similar to uneval, but there are a few differences:

- un_eval currently does not support some types such as Error.
- un_eval will convert native functions to "null".
- un_eval will format code differently from uneval.

Although un_eval is designed to output source with no side effects, there may be some bugs or limitations in the code. You should avoid using un_eval on any untrusted objects (for example, from user input) and then passing the result to eval. NEVER use eval unless you know what will happen.

USE AT YOUR OWN RISK.
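When the object only carries data, a tagged JSON round trip restores Date and RegExp values without evaluating any generated source, which avoids the eval step the warning above is about. This is an added example, not part of un_eval; `toWire`, `fromWire` and the `$type` tag are hypothetical names chosen for illustration.

```javascript
// Added example (not un_eval's code): serialize data with type tags and
// revive it with JSON.parse, so no generated source is ever evaluated.
const TAG = '$type'; // hypothetical tag name
const own = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

function toWire(value) {
  // JSON.stringify itself throws a TypeError on circular structures.
  return JSON.stringify(value, function (key, v) {
    const raw = this[key]; // Date defines toJSON, so inspect the raw value
    if (typeof raw === 'function') {
      throw new TypeError('functions are code, not data: "' + key + '"');
    }
    if (raw instanceof Date) return { [TAG]: 'Date', ms: raw.getTime() };
    if (raw instanceof RegExp) {
      return { [TAG]: 'RegExp', source: raw.source, flags: raw.flags };
    }
    if (raw !== null && typeof raw === 'object' && own(raw, TAG)) {
      throw new TypeError('input already uses the reserved key ' + TAG);
    }
    return v;
  });
}

function fromWire(text) {
  return JSON.parse(text, function (key, v) {
    if (v === null || typeof v !== 'object' || !own(v, TAG)) return v;
    if (v[TAG] === 'Date' && Number.isFinite(v.ms)) return new Date(v.ms);
    if (v[TAG] === 'RegExp' && typeof v.source === 'string' &&
        /^[dgimsuy]*$/.test(v.flags)) {
      // The revived pattern is still untrusted input to the regex engine.
      return new RegExp(v.source, v.flags);
    }
    throw new TypeError('unknown or malformed tag');
  });
}

// Constructed sample input
const sample = { when: new Date(978307200000), re: /regexp/ig, list: [1, 2, 3] };
const restored = fromWire(toWire(sample));
console.log(restored.when.getTime(), String(restored.re), restored.list);
```

Anything the reviver does not recognise is rejected rather than interpreted, so a tampered payload fails with an exception instead of running.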
The MIT License
FAQs
un_eval converts an Object to its source
The npm package un-eval receives a total of 79,304 weekly downloads. As such, un-eval's popularity was classified as popular.
We found that un-eval demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.