π§
better-eval
eval()
in JavaScript that is customizable and safer!
An alternative to The eval function sucks, and there lacks alternatives that provide the same simplicity of the original eval function. better-eval solves this problem by adressing the security and speed issues, while delivering a sensible API.
Why Better-Eval?
-
π Small and Lightweight. -
β‘ A simple and easy to use API. -
π οΈ Easily customizable for your needs. -
β Tested and Mantained.
Installation
npm install better-eval
Usage
First, import the package:
const betterEval = require("better-eval");
Then call the function with something you want to be evaluated:
betterEval("1+1"); // returns 2
And its as simple as that! Any code will not be able to access variables you define unless explicitly passed.
Passing Variables
Include any variables as part of an object which you pass in as the second parameter:
const name = "Sam";
betterEval("`Hey ${name}`", { name }); // returns 'Hey Sam'
You can also pass functions as a part of the second parameter, and evaluate them in your code:
const returnName = () => "Bob";
betterEval("`Hey ${returnName()}`", { returnName }); // returns 'Hey Bob'
Blacklist
For your safety, any of these global variables on the blacklist will not be added to your variables:
global
process
module
require
document
window
Window
eval
Function
Here is how they will be handled:
betterEval("`Sum is ${eval('1+1')}`", { eval }); // eval is null!
Remember: never use better-eval blindly with user-code. These checks are precautions for your own usage, but any user with maltious intent could find a way to get through them. Thus, use this package with caution.
Configuring the VM
If you want to have more control over the VM that runs your code, you can pass in an vmOptions
parameter:
betterEval(
"1+1", {},
{
fileName: "counting",
lineOffset: 1,
}
);
A complete list of options can be found here.
License
better-eval is MIT-licensed open-source software created by Bharadwaj Duggaraju.