@casbin/expression-eval
v5.3.0
Published
JavaScript expression parsing and evaluation.
Downloads
58,804
Maintainers
Readme
expression-eval
JavaScript expression parsing and evaluation.
Powered by jsep.
Installation
Install:
npm install --save @casbin/expression-eval
Import:
// ES6
import { parse, eval } from '@casbin/expression-eval';
// CommonJS
const { parse, eval } = require('@casbin/expression-eval');
// UMD / standalone script
const { parse, eval } = window['@casbin/expression-eval'];
API
Parsing
import { parse } from '@casbin/expression-eval';
const ast = parse('1 + foo');
The result of the parse is an AST (abstract syntax tree), like:
{
"type": "BinaryExpression",
"operator": "+",
"left": {
"type": "Literal",
"value": 1,
"raw": "1"
},
"right": {
"type": "Identifier",
"name": "foo"
}
}
Evaluation
import { parse, eval } from '@casbin/expression-eval';
const ast = parse('a + b / c'); // abstract syntax tree (AST)
const value = eval(ast, {a: 2, b: 2, c: 5}); // 2.4
Alternatively, use evalAsync
for asynchronous evaluation.
Compilation
import { compile } from '@casbin/expression-eval';
const fn = compile('foo.bar + 10');
fn({foo: {bar: 'baz'}}); // 'baz10'
Alternatively, use compileAsync
for asynchronous compilation.
Security
Although this package does avoid the use of eval()
, it cannot guarantee that user-provided expressions, or user-provided inputs to evaluation, will not modify the state or behavior of your application. This library does not attempt to provide a secure sandbox for evaluation. Evaluation of arbitrary user inputs (expressions or values) may lead to unsafe behavior. If your project requires a secure sandbox, consider alternatives such as vm2.
License
Apache 2.0 License.