{"id":20625454,"url":"https://github.com/ianchi/espression","last_synced_at":"2026-03-09T01:32:17.995Z","repository":{"id":28346366,"uuid":"117633586","full_name":"ianchi/ESpression","owner":"ianchi","description":"ECMAScript Expressions parser and static eval","archived":false,"fork":false,"pushed_at":"2023-01-07T02:18:29.000Z","size":1457,"stargazers_count":19,"open_issues_count":6,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-08-28T09:13:01.568Z","etag":null,"topics":["ast","ecmascript-expressions-parser","esprima","expression","expression-evaluator","jsonpath","static-eval"],"latest_commit_sha":null,"homepage":"https://ianchi.github.io/ESpression-tester/","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ianchi.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-01-16T05:02:13.000Z","updated_at":"2025-05-15T10:28:32.000Z","dependencies_parsed_at":"2023-01-14T08:40:09.570Z","dependency_job_id":null,"html_url":"https://github.com/ianchi/ESpression","commit_stats":null,"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"purl":"pkg:github/ianchi/ESpression","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianchi%2FESpression","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianchi%2FESpression/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianchi%2FESpression/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianchi%2FESpression/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ianchi","download_url":"https://codeload.github.com/ianchi/ESpression/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ianchi%2FESpression/sbom","scorecard":{"id":478298,"data":{"date":"2025-08-11","repo":{"name":"github.com/ianchi/ESpression","commit":"f8b3af2843f813a1d218b569b46ee322a232ea0f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.7,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/node.js.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/ianchi/ESpression/node.js.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/ianchi/ESpression/node.js.yml/master?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":0,"reason":"15 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4rq4-32rv-6wp6","Warn: Project is vulnerable to: GHSA-64g7-mvw6-v9qj","Warn: Project is vulnerable to: GHSA-7p7h-4mm5-852v","Warn: Project is vulnerable to: GHSA-38fc-wpqx-33j7","Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-19T15:53:58.003Z","repository_id":28346366,"created_at":"2025-08-19T15:53:58.004Z","updated_at":"2025-08-19T15:53:58.004Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274408402,"owners_count":25279475,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-10T02:00:12.551Z","response_time":83,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ast","ecmascript-expressions-parser","esprima","expression","expression-evaluator","jsonpath","static-eval"],"created_at":"2024-11-16T13:09:36.632Z","updated_at":"2026-03-09T01:32:17.958Z","avatar_url":"https://github.com/ianchi.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ESpression\n\n_Small and customizable EcmaScript expression parser and static eval._\n\nTry it live at [ESpression Tester](https://ianchi.github.io/ESpression-tester/)\n\nThe goal is to have a specialized expression parser with a small footprint, but full ES5+ feature set and possibility to create new syntax.\n\nInspired by [jsep](https://github.com/soney/jsep) Java Script Expression Parser.\n\n## Goals\n\nESpression can be used with different purposes:\n\n- as a parser to generate an AST for an expression\n- to do static evaluation of an expression's AST\n- to evaluate [jsonPath expressions](http://goessner.net/articles/JsonPath/index.html#e2), as a special case of the above\n- to do _reactive_ evaluation of expressions involving observable operands.\n- your own use case.\n\nThe easiest way to use it is through one of the presets, but it can also be completely configured to parse with custom rules.\n\n## Usage\n\nIn most cases it can be used directly importing one of the included presets.\nFor advanced cases, new custom presets can be defined.\n\n### Presets:\n\n- **basic** (jsep compatible): `BasicParser, BasicEval`\n- **ES5**: `ES5Parser, ES5StaticEval`\n- **ES6**: `ES6Parser, ES6StaticEval`\n- **ESnext**: `ESNextParser, ESNextStaticEval`\n\n```\nimport { ESNextParser, ESNextStaticEval } from 'espression';\n\nconst parser = new ESNextParser();\nconst staticEval = new ESNextStaticEval();\n\nlet ast = parser.parse('a + b * c');\nlet result = staticEval.evaluate(ast, {a:1, b:2, c:3});\n```\n\nThis preset can return Esprima compatible AST (ExpressionStatements inside a Program Body).\n\n#### ES5 Preset\n\nAll ES5 expressions are supported, except for function expressions (as it would require to parse statements in the body).\n\nThe parser returns _ESPRIMA_ compatible AST.\n\n```\n  ES5Parser(\n    noStatement?: boolean,\n    identStart?: ICharClass,\n    identPart?: ICharClass,\n    range?: boolean\n  )\n\n  ES5StaticEval()\n```\n\n`noStatement`: if `true` returns directly the expression's AST, not wrapped in a `Program` + `ExpressionStatement` nodes\n\n`identStart`: allows to customize the valid identifier start characters. If undefined defaults to `[$_A-Za-z]`. To be fully ES5 compliant with all unicode characters allowed, you could import and pass `es5IdentStart` object\n\n`identPart`: allows to customize the valid identifier part characters. If undefined defaults to `[$_0-9A-Za-z]`. To be fully ES5 compliant with all unicode characters allowed, you could import and pass `es5IdentPart` object\n\n`range`: if `true` _range_ information is included in the parsed AST, as an array with the starting and ending position in the source text\n\n#### ES6 Preset\n\n```\n  ES6Parser(\n    noStatement?: boolean,\n    identStart?: ICharClass,\n    identPart?: ICharClass,\n    range?: boolean\n  )\n\n  ES6StaticEval()\n```\n\nIn addition to ES5 it adds support for:\n\n- template literals\n- tagged template expressions\n- array spread operator\n- object literal: shorthand and computed properties\n- arrow function expressions (only with _expression_ body)\n- destructuring assignment\n\n#### ESNext Preset\n\n```\n  ESNextParser(\n    noStatement?: boolean,\n    identStart?: ICharClass,\n    identPart?: ICharClass,\n    range?: boolean\n  )\n\n  ESNextStaticEval()\n```\n\nIn addition to ES6 it adds support for:\n\n- exponential operator ( a \\*\\* b)\n- optional chain expressions (a?.b || o?.[m])\n- nullish coalescing operator ( a ?? 10)\n\n#### Basic Preset\n\nLimited expressions, compatible with **JSEP** syntax. It is a bit smaller, but almost negligible.\n\n```\nBasicParser()\n\nBasicEval()\n\n```\n\nThis parser is not configurable\n\nReturns a jsep compatible AST (with compound statements). Keeps same limitations for expressions (i.e. no RegExp literals, no object literals, no assignment).\n\nThe static evaluation could also be performed by the same ES5Eval preset as this AST is a subset of the other.\n\n### jsonPath expressions\n\njsonPath expressions can be parsed \u0026 evaluated with a preset provided by [ESpression-jsonpath](http://github.com/ianchi/espression-jsonpath) extension package.\n\n### Reactive Eval\n\nReactive expressions can be evaluated using [ESpression-rx](http://github.com/ianchi/espression-rx) extension package.\nThe evaluation returns an observable which emits the result each time any operand emits a result.\n\n## Parser\n\nThe parser aims to be fully customizable, so it is split into a basic core and then a set of rules that do the actual parsing, conforming to an API. The rules themselves try to be a generalization of a case, and so also customizable.\nTo have a working parser, you need to instantiate one with a configured set of rules.\n\n### API\n\n```\nparser.parse(expr: string): ASTnode\n```\n\nParses the expression and returns the corresponding AST or throws an error.\nThe error object thrown has `position` property indicating the location in the string where the parsing error occurred.\n\n## Static Eval\n\nA configurable static eval is included to evaluate parsed expressions.\n\n### API\n\n```\nstaticEval.evaluate(node: ASTnode, context: object): any\n```\n\nEvaluates the AST of an expression and returns its result or throws an error.\nThe error object has a `node` property with the subexpression AST that triggered the error.\nIf range information was enabled in the parsers and present in the AST it can be used to identify the position of the error.\n\n## Bundling\n\nEach of these components is fully independent, so that when included with es6 imports, your final bundle can then be tree shaken, and only the used presets/rules included.\n\n## License\n\n[MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fianchi%2Fespression","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fianchi%2Fespression","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fianchi%2Fespression/lists"}