better-eval v1.3.0

An alternative to eval() in JavaScript that is customizable and safer!

The eval function sucks, lacking any form of security and customizability. Other implementations are inadequate - ranging from being abandonded to overcomplicated. better-eval offers a solution, providing a modern alternative to the eval function with all the bells and whistles out of the box.

Why Better-Eval?

• 🕊 Small and lightweight.
• ⚡ A simple and easy to use API.
• 🛠️ Easily customizable for your needs.
• ✅ Tested and mantained.

Installation

npm install better-eval

Usage

First, import the package:

const betterEval = require("better-eval");

Then call the function with something you want to be evaluated:

betterEval("1+1"); // returns 2

And its as simple as that! Any code will not be able to access variables you define unless explicitly passed.

Passing Variables

Include any variables as part of an object which you pass in as the second parameter:

const name = "Sam";

betterEval("`Hey ${name}`", { name }); // returns 'Hey Sam'

You can also pass functions as a part of the second parameter, and evaluate them in your code:

const returnName = () => "Bob";

betterEval("`Hey ${returnName()}`", { returnName }); // returns 'Hey Bob'

Blacklist

For your safety, any of these global variables on the blacklist will not be added to your variables:

• global
• process
• module
• require
• document
• window
• Window
• eval
• Function

Here is how they will be handled:

betterEval("`Sum is ${eval('1+1')}`", { eval }); // eval is null!

Remember: never use better-eval blindly with user code. These checks are precautions for your own usage, but any user with maltious intent could find a way to get through them. Thus, use this package with caution.

Configuring the VM

If you want to have more control over the VM that runs your code, you can pass in an vmOptions parameter:

betterEval(
  "1+1", {},
  {
    fileName: "counting",
    lineOffset: 1,
  }
);

A complete list of options can be found here.

License

better-eval is MIT-licensed open-source software created by Bharadwaj Duggaraju.