Google Git
Sign in
apache/casbin-node-casbin-expression-eval/2a51de97563b995c554c7f8aa1eb852d85ce78d9
commit
2a51de97563b995c554c7f8aa1eb852d85ce78d9
[log]
author
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Fri Jul 22 16:41:43 2022 +0000
committer
Don McCurdy <dm@donmccurdy.com>
Fri Jul 22 12:16:59 2022 -0500
tree
b5aae4c00a8a076cbf49544d7a4af067b6e92a84
parent
fd5f9d2855b2c6c4d62c5ca6f05e450d83ab0353 [diff]
Bump nanoid from 3.1.23 to 3.3.4

Bumps [nanoid](https://github.com/ai/nanoid) from 3.1.23 to 3.3.4.
- [Release notes](https://github.com/ai/nanoid/releases)
- [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md)
- [Commits](https://github.com/ai/nanoid/compare/3.1.23...3.3.4)

---
updated-dependencies:
- dependency-name: nanoid
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
1 file changed
tree: b5aae4c00a8a076cbf49544d7a4af067b6e92a84
  1. .github/
  2. .eslintrc.json
  3. .gitignore
  4. index.ts
  5. LICENSE
  6. package-lock.json
  7. package.json
  8. README.md
  9. test.js
  10. tsconfig.json
README.md

expression-eval

Latest NPM release Minzipped size License CI

JavaScript expression parsing and evaluation.

IMPORTANT: As mentioned under Security below, this library does not attempt to provide a secure sandbox for evaluation. Evaluation involving user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

Powered by jsep.

Installation

Install:

npm install --save expression-eval

Import:

// ES6
import { parse, eval } from 'expression-eval';
// CommonJS
const { parse, eval } = require('expression-eval');
// UMD / standalone script
const { parse, eval } = window.expressionEval;

API

Parsing

import { parse } from 'expression-eval';
const ast = parse('1 + foo');

The result of the parse is an AST (abstract syntax tree), like:

{
  "type": "BinaryExpression",
  "operator": "+",
  "left": {
    "type": "Literal",
    "value": 1,
    "raw": "1"
  },
  "right": {
    "type": "Identifier",
    "name": "foo"
  }
}

Evaluation

import { parse, eval } from 'expression-eval';
const ast = parse('a + b / c'); // abstract syntax tree (AST)
const value = eval(ast, {a: 2, b: 2, c: 5}); // 2.4

Alternatively, use evalAsync for asynchronous evaluation.

Compilation

import { compile } from 'expression-eval';
const fn = compile('foo.bar + 10');
fn({foo: {bar: 'baz'}}); // 'baz10'

Alternatively, use compileAsync for asynchronous compilation.

Security

Although this package does avoid the use of eval(), it cannot guarantee that user-provided expressions, or user-provided inputs to evaluation, will not modify the state or behavior of your application. This library does not attempt to provide a secure sandbox for evaluation. Evaluation of arbitrary user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

License

MIT License.