
mathparse
A secure, multilingual mathematical expression evaluator for Python
mathparse is a Python library that safely parses and evaluates mathematical expressions from strings, supporting both numeric operators and natural language words across 13+ languages. Unlike Python's dangerous eval() function, mathparse provides a secure, zero-dependency solution for evaluating user-provided mathematical expressions.
✅ Security First - Never uses eval(), protecting against arbitrary code execution
✅ Multilingual Support - Parse math in English, Spanish, French, German, Chinese, and 8+ more languages
✅ Zero Dependencies - Pure Python implementation with no external requirements
✅ Natural Language - Understands "fifty times twenty plus ten" alongside standard notation
✅ Production Ready - Used in chatbots, calculators, voice assistants, and educational applications
✅ Well Tested - Comprehensive test suite ensuring reliability
```python
from mathparse import mathparse

# Standard numeric expressions
mathparse.parse('50 * (85 / 100)')
# >>> 42.5

# Natural language in English
mathparse.parse('one hundred times fifty four', language='ENG')
# >>> 5400

# Mixed notation
mathparse.parse('(seven * nine) + 8 - (45 plus two)', language='ENG')
# >>> 24

# Other languages (French, Spanish, German, Chinese, etc.)
mathparse.parse('cinq plus trois', language='FRE')
# >>> 8
mathparse.parse('cinco más tres', language='ESP')
# >>> 8
```
Replace eval() calls with safe parsing
Python's eval() function executes arbitrary code, creating severe security vulnerabilities:
```python
# DANGEROUS - Never do this with user input!
eval("__import__('os').system('rm -rf /')")  # Deletes files
eval("__import__('requests').get('evil.com')")  # Network access
```
mathparse is the safe alternative:
| Feature | eval() | mathparse |
|---|---|---|
| Mathematical expressions | ✅ | ✅ |
| Arbitrary code execution | ⚠️ YES - DANGEROUS | ❌ No |
| File system access | ⚠️ YES - DANGEROUS | ❌ No |
| Network access | ⚠️ YES - DANGEROUS | ❌ No |
| Import statements | ⚠️ YES - DANGEROUS | ❌ No |
| Security risk | 🔴 CRITICAL | 🟢 Safe |
| Dependencies | 0 | 0 |
| Natural language support | ❌ No | ✅ Yes |
| Multilingual | ❌ No | ✅ 13+ languages |
mathparse uses postfix (Reverse Polish) notation internally, ensuring only valid mathematical operations are performed. See our security documentation for technical details.
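As an added example, not mathparse's own code, here is a minimal version of the design that paragraph describes: a whitelist tokenizer, shunting-yard conversion to postfix, and an RPN evaluator. The function names (`tokenize`, `to_postfix`, `eval_postfix`, `safe_parse`) are assumptions; the point is that a code-like string such as the eval() payloads above is rejected at tokenization instead of ever being executed.

```python
# Added illustration, not mathparse's own code: whitelist tokenizer -> shunting-yard -> RPN.
import re
# Precedence and implementation of every accepted operator; nothing else is ever called.
OPERATORS = {'+': (1, lambda a, b: a + b), '-': (1, lambda a, b: a - b),
             '*': (2, lambda a, b: a * b), '/': (2, lambda a, b: a / b)}
TOKEN_RE = re.compile(r'\s*(\d+(?:\.\d+)?|[-+*/()]|\S)')  # trailing \S catches anything else

def tokenize(expr):
    tokens = TOKEN_RE.findall(expr)
    for t in tokens:  # whitelist: letters, quotes, dots, underscores never reach the evaluator
        if t not in OPERATORS and t not in '()' and not t[0].isdigit():
            raise ValueError(f'unsupported input: {t!r}')
    return tokens

def to_postfix(tokens):
    # Shunting-yard: infix token list -> postfix (Reverse Polish) token list.
    output, stack = [], []
    for tok in tokens:
        if tok in OPERATORS:
            while stack and stack[-1] in OPERATORS and OPERATORS[stack[-1]][0] >= OPERATORS[tok][0]:
                output.append(stack.pop())
            stack.append(tok)
        elif tok == '(':
            stack.append(tok)
        elif tok == ')':
            while stack[-1] != '(':  # IndexError on a stray ')' is mapped to ValueError below
                output.append(stack.pop())
            stack.pop()
        else:
            output.append(tok)
    return output + stack[::-1]  # a leftover '(' is rejected by float() in eval_postfix

def eval_postfix(postfix):
    # Evaluate RPN with a value stack; the only calls made are the OPERATORS lambdas.
    stack = []
    for tok in postfix:
        if tok in OPERATORS:
            b, a = stack.pop(), stack.pop()
            stack.append(OPERATORS[tok][1](a, b))
        else:
            stack.append(float(tok))
    if len(stack) != 1:
        raise ValueError('malformed expression')
    return stack[0]

def safe_parse(expr):
    try:
        return eval_postfix(to_postfix(tokenize(expr)))
    except IndexError:  # stray ')' or an operator with too few operands
        raise ValueError('malformed expression') from None
```

Anything that is not a number, an arithmetic operator or a parenthesis raises ValueError before any evaluation happens, which is the property the comparison table above attributes to mathparse.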
The language parameter must be set in order to evaluate an equation that uses word operators. The language code should be a valid ISO 639-2 language code.
```shell
pip install mathparse
```
See the full documentation at https://mathparse.chatterbot.us
See release notes for changes.
FAQs
mathparse is a library for solving mathematical equations contained in strings
We found that mathparse demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.