static-eval
static-eval copied to clipboard
browserify
evaluate statically-analyzable expressions
Hi @goto-bus-stop , there is a CVE in word-wrap: https://github.com/jonschlinkert/word-wrap/pull/33 It is fixed and integrated in latest optionator 0.9.x, which is used in escodegen 2.x. Is there any chance to...
``` const { parse } = require('esprima'); const staticEval = require('static-eval'); const ast = parse('(() => 1)()'); const val = staticEval(ast.body[0].expression, {}, { allowAccessToMethodsOnFunctions: true }); // val is undefined...
Issue picked up and reported in Snyk: https://snyk.io/vuln/SNYK-JS-STATICEVAL-1056765
Why does the following work: ```js [1, 2].map(function(x) { return x + 1 }) ``` But not the following: ```js [{a: 1}, {a: 2}].map(function(x) { return x["a"] }) ``` Since...
My test code looks like this: ```js var evaluate = require('static-eval'); var parse = require('esprima').parse; var src = 'foo(function (obj) { return obj.x })'; var ast = parse(src).body[0].expression; var result...
Arrow functions are like normal functions but con only have a single body. This PR supports code like ```javascript _.every( myarray, c => c.foo === 'bar' ) ```
This MR resolve exception as below: ` values.map(function(item){ return item.x}) ` This MR change function's parameter's initial value to a flag, so that we can skip execution of parameter's member...
## poc ```js // make pollution const evaluate = require('static-eval'); const parse = require('esprima').parse; var src = `({})['__proto__']['__defineGetter__']('toString', ({})['constructor'])` var ast = parse(src).body[0].expression; evaluate(ast); // serve webapp const express =...
Sometimes nodes are supposed to resolve to `undefined`, so we can't rely on that alone to check if an evaluation succeeded. This PR adds a property that you can check...
This is a good project but it's very hard to know what's wrong. We only know when there is a problem by getting undefined.. But if the expression does not...
