npmpackage.info

Gathering detailed insights and metrics for expression-eval

Other packages similar to expression-eval

math-expression-evaluator

2.0.6

A flexible math expression evaluator

static-eval

2.1.1

evaluate statically-analyzable expressions

expr-eval

2.0.2

Mathematical expression evaluator

eval-estree-expression

3.0.0

Safely evaluate JavaScript (estree) expressions, sync and async.

Gathering detailed insights and metrics for expression-eval

expression-eval - 5.0.1 | npmpackage.info

expression-eval

JavaScript expression parsing and evaluation.

5.0.1

198

MIT

TypeScript

3.17 kB

39,194,719 2.5

Installations

npm install expression-eval

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Node Version

18.12.1

NPM Version

9.7.1 Score

99.5

Supply Chain

93.5

Quality

75.7

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

45

Closed

11

Merged

34

Issues

Open

0

Total

30

Closed

30

Releases

Unable to fetch releases

Languages

TypeScript

JavaScript

TypeScript (59%)

JavaScript (41%)

Developer

donmccurdy

Download Statistics

Total Downloads

39,194,719

Last Day

41,078

Last Week

228,789

Last Month

964,264

Last Year

10,634,396

GitHub Statistics

MIT License

198 Stars

123 Commits

48 Forks

7 Watchers

1 Branches

14 Contributors

Updated on Oct 03, 2024

Bundle Size

9.50 kB

Minified

3.17 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 14 Contributors

Package Meta Information

Latest Version

5.0.1

Package Id

expression-eval@5.0.1

Unpacked Size

76.26 kB

Size

10.92 kB

File Count

NPM Version

9.7.1

Node Version

18.12.1

Published on

Jun 19, 2023

Total Downloads

Cumulative downloads

Total Downloads

39,194,719

Last Day

66.7%

41,078

Compared to previous day

Last Week

-0.7%

228,789

Compared to previous week

Last Month

964,264

Compared to previous month

Last Year

10.1%

10,634,396

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

jsep

Dev Dependencies

@types/tape @typescript-eslint/eslint-plugin eslint microbundle source-map-support tap-spec tape typescript

expression-eval

JavaScript expression parsing and evaluation.

⚠️ UNMAINTAINED: The expression-eval npm package is no longer maintained. The package was originally published as part of a now-completed personal project, and I do not have incentives to continue maintenance. Please feel free to use the code, but be aware that support and updates will not be available.

⚠️ SECURITY NOTICE: As mentioned under Security below, this library does not attempt to provide a secure sandbox for evaluation. Evaluation involving user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

Installation

Install:

npm install --save expression-eval

Import:

1// ES6
2import { parse, eval } from 'expression-eval';
3// CommonJS
4const { parse, eval } = require('expression-eval');
5// UMD / standalone script
6const { parse, eval } = window.expressionEval;

API

Parsing

1import { parse } from 'expression-eval';
2const ast = parse('1 + foo');

The result of the parse is an AST (abstract syntax tree), like:

1{
2  "type": "BinaryExpression",
3  "operator": "+",
4  "left": {
5    "type": "Literal",
6    "value": 1,
7    "raw": "1"
8  },
9  "right": {
10    "type": "Identifier",
11    "name": "foo"
12  }
13}

Evaluation

1import { parse, eval } from 'expression-eval';
2const ast = parse('a + b / c'); // abstract syntax tree (AST)
3const value = eval(ast, {a: 2, b: 2, c: 5}); // 2.4

Alternatively, use evalAsync for asynchronous evaluation.

Compilation

1import { compile } from 'expression-eval';
2const fn = compile('foo.bar + 10');
3fn({foo: {bar: 'baz'}}); // 'baz10'

Alternatively, use compileAsync for asynchronous compilation.

Security

Although this package does avoid the use of eval(), it cannot guarantee that user-provided expressions, or user-provided inputs to evaluation, will not modify the state or behavior of your application. This library does not attempt to provide a secure sandbox for evaluation. Evaluation of arbitrary user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

License

MIT License.

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

2.5

/10

Last Scanned on 2025-05-05

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More