A minimalist (5085 bytes) and safe expression compiler and evaluator.
You can experiment with expressions here.
-
npm install punyexpr -
with ESM:
import { punyexpor } from 'punyexpr' -
with CommonJS:
const { punyexpr } = require('punyexpr') -
Types are included in the package
const incValue = punyexpr('value + 1')incValue({ value: 1 }) // 2Use with punybind@>=1.2.0
const safebind = punybind.use({
compiler: punyexpr
})
// Use safebind to bind HTML-
Regular expressions are not secure and are not allowed by default,
-
Set the option
{ regex: true }to enable regular expressions using the default JavaScript implementation:
const unsecure = punyexpr('value.match(/a+b/)', { regex: true })- Or plug any custom regular expression builder:
const unsecure = punyexpr('value.match(/a+b/)', { regex: (pattern, flags) => new RegExp(pattern, flags) })- Check the source for the implemented grammar,
in particular the following are not supported :- Bitwise, async and coalesce operations
newandthis- Object literals
- See the types definitions for complete API,
- See the tests for supported expressions,
- The implementation is compliant with Content Security Policy.