{"id":23688,"library":"evalidate","title":"evalidate","description":"Evalidate is a Python library for validation and secure evaluation of untrusted Python expressions. Version 2.1.4 is current, with active development on GitHub. It provides an expression evaluator that restricts available nodes (e.g., no imports, no function calls unless whitelisted) to safely evaluate user-provided expressions.","status":"active","version":"2.1.4","language":"python","source_language":"en","source_url":"https://github.com/yaroslaff/evalidate","tags":["safe-eval","security","expression-validation","sandbox"],"install":[{"cmd":"pip install evalidate","lang":"bash","label":"Install from PyPI"}],"dependencies":[],"imports":[{"note":"Direct import of the module is the standard approach.","symbol":"evalidate","correct":"import evalidate"}],"quickstart":{"code":"import evalidate\n\n# Safe expression evaluation\nresult = evalidate.eval('1 + 2')\nprint(result)  # 3\n\n# Unsafe expression raises\n# evalidate.eval('__import__(\"os\")')  # Raises SecurityError","lang":"python","description":"Basic usage: evaluate a safe expression with the default restrictions."},"warnings":[{"fix":"Use evalidate.Eval with explicit node whitelist: Eval(whitelist=['Expression', 'Num', 'Str', 'Name', 'Load', 'BinOp', ...])","message":"evalidate does NOT block all unsafe expressions by default. For example, attribute access on objects is allowed (e.g., 'obj.__class__') unless explicitly restricted. Always configure a whitelist/blacklist for production use.","severity":"gotcha","affected_versions":"all"},{"fix":"Update calls to Eval.eval(expr, ctx) to Eval.eval(expr, global_ctx=ctx) or Eval.eval(expr, local_ctx=ctx, global_ctx=ctx) as needed.","message":"In version 2.1.0, the signature of Eval.eval() changed to accept both local and global context parameters. Code written for older versions using only one context may break.","severity":"breaking","affected_versions":"<2.1.0"},{"fix":"Remove 'Is' and 'IsNot' from the whitelist if you want to disallow identity comparisons.","message":"The default whitelist includes Is and IsNot nodes (since v2.1.3). This can be surprising if you expected strict equality only.","severity":"gotcha","affected_versions":">=2.1.3"}],"env_vars":null,"last_verified":"2026-05-01T00:00:00.000Z","next_check":"2026-07-30T00:00:00.000Z","problems":[{"fix":"Use evalidate.Eval with whitelist/blacklist instead of evalidate.security.","cause":"The old API evalidate.security was removed in version 2.0.0.","error":"AttributeError: module 'evalidate' has no attribute 'security'"},{"fix":"If you need to allow specific function calls, use a custom whitelist: Eval(whitelist=['Call', ...]) and provide allowed functions via global context.","cause":"The expression contains a function call, which is blacklisted by default.","error":"evalidate.exceptions.SecurityError: Node type 'Call' is blacklisted"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}