https://github.com/shahradelahi/node-eval
🔒 Secure Code Evaluation, Simplified.
https://github.com/shahradelahi/node-eval
eval neval nodejs safe sandbox
Last synced: 11 months ago
JSON representation
🔒 Secure Code Evaluation, Simplified.
- Host: GitHub
- URL: https://github.com/shahradelahi/node-eval
- Owner: shahradelahi
- License: mit
- Created: 2024-11-18T01:00:52.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-04-09T00:13:33.000Z (11 months ago)
- Last Synced: 2025-04-09T21:16:01.393Z (11 months ago)
- Topics: eval, neval, nodejs, safe, sandbox
- Language: TypeScript
- Homepage: https://npmjs.com/neval
- Size: 67.4 KB
- Stars: 69
- Watchers: 1
- Forks: 1
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# node-eval
[](https://github.com/shahradelahi/node-eval/actions/workflows/ci.yml)
[](https://www.npmjs.com/package/neval)
[](/LICENSE)
[](https://packagephobia.com/result?p=neval)
_neval_ is a zero-dependency, lightweight utility for securely evaluating code in a sandboxed environment in Node.js.
---
- [Installation](#-installation)
- [Usage](#-usage)
- [Documentation](#-documentation)
- [Contributing](#-contributing)
- [License](#license)
## 📦 Installation
```bash
npm install neval
```
## 📖 Usage
```typescript
import { neval, nevalFile } from 'neval';
const result = neval('1 + 1');
console.log(result); // 2
const result2 = await nevalFile('./file.js');
console.log(result2); // Whatever file.js returns
const result3 = await neval(
`
async function main() {
await sleep(1e3); // The "sleep" function will be injected through context
return 1 + 1;
}
main();
`,
{
context: {
sleep: async (ms: number) => {
return new Promise((resolve) => setTimeout(resolve, ms));
},
},
}
);
console.log(result3); // Result after 1 second is 2
const result4 = await neval(
`
fetch('https://example.com', { method: 'HEAD' })
.then((resp) => resp.statusText);
`,
{
// By default, the "fetch" API is not available, you must add it to the context
context: { fetch },
}
);
console.log(result4); // OK
```
Importing `neval/register` will register the `neval` function on the global object and overrides the `eval` function.
```typescript
import 'neval/register';
console.log(eval('1 + 1')); // 2
```
Why is it important to register it globally? The `neval` is sandboxed and much more secure than just using the `eval` function. Read more about [eval](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval).
Are you looking for more examples? Check out the [unit tests](/tests/eval.test.ts).
## 📚 Documentation
For all configuration options, please see [the API docs](https://www.jsdocs.io/package/neval).
##### API
```typescript
function neval(code: any, options?: EvalOptions): any;
function nevalFile(path: string, options?: EvalOptions): Promise;
function register(): void;
```
## 🤝 Contributing
Want to contribute? Awesome! To show your support is to star the project, or to raise issues on [GitHub](https://github.com/shahradelahi/node-eval)
Thanks again for your support, it is much appreciated! 🙏
## Relevant
- [isolated-vm](https://github.com/laverdet/isolated-vm)
## License
[MIT](/LICENSE) © [Shahrad Elahi](https://github.com/shahradelahi)