JavaScript expression parsing and evaluation.

IMPORTANT: As mentioned under Security below, this library does not attempt to provide a secure sandbox for evaluation. Evaluation involving user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

Powered by jsep.

Installation

Install:

npm install --save expression- eval

Import:

import { parse, eval } from 'expression-eval' ; const { parse, eval } = require ( 'expression-eval' ); const { parse, eval } = window .expressionEval;

API

Parsing

import { parse } from 'expression-eval' ; const ast = parse( '1 + foo' );

The result of the parse is an AST (abstract syntax tree), like:

{ "type" : "BinaryExpression" , "operator" : "+" , "left" : { "type" : "Literal" , "value" : 1 , "raw" : "1" }, "right" : { "type" : "Identifier" , "name" : "foo" } }

Evaluation

import { parse, eval } from 'expression-eval' ; const ast = parse( 'a + b / c' ); const value = eval (ast, { a : 2 , b : 2 , c : 5 });

Alternatively, use evalAsync for asynchronous evaluation.

Compilation

import { compile } from 'expression-eval' ; const fn = compile( 'foo.bar + 10' ); fn({ foo : { bar : 'baz' }});

Alternatively, use compileAsync for asynchronous compilation.

Security

Although this package does avoid the use of eval() , it cannot guarantee that user-provided expressions, or user-provided inputs to evaluation, will not modify the state or behavior of your application. This library does not attempt to provide a secure sandbox for evaluation. Evaluation of arbitrary user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.

License

MIT License.