{"id":14928,"library":"spel2js","title":"SpEL2JS Parser","description":"spel2js is a JavaScript library designed to parse and evaluate Spring Expression Language (SpEL) expressions within a defined context. Its primary purpose is to allow single-page applications to mirror server-side authorization logic, reducing duplication and inconsistencies in UI-related permissions. The library provides a JavaScript implementation of the SpEL parser, aiming to mimic the behavior documented for Spring Framework. It exports a singleton object containing `StandardContext` for creating evaluation contexts (which manage `authentication` and `principal` objects) and `SpelExpressionEvaluator` for compiling and executing SpEL expressions. The latest published version is 0.2.9, but significant development activity appears to have ceased around 2016 (judging by the release notes and `bower` references), indicating it is not actively maintained. It targets Node.js environments `>=8` but its age suggests potential compatibility challenges with modern JavaScript ecosystems and build tools.","status":"abandoned","version":"0.2.9","language":"javascript","source_language":"en","source_url":"git://github.com/benmarch/spel2js","tags":["javascript","parse","parser","spring","authorization","spel","spring expression language","expression","spring expression"],"install":[{"cmd":"npm install spel2js","lang":"bash","label":"npm"},{"cmd":"yarn add spel2js","lang":"bash","label":"yarn"},{"cmd":"pnpm add spel2js","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The library exports a default singleton object containing `StandardContext` and `SpelExpressionEvaluator`.","wrong":"import { spel2js } from 'spel2js';","symbol":"spel2js","correct":"import spel2js from 'spel2js';"},{"note":"While CommonJS `require` might work in older Node.js environments, modern projects should use ES module imports for direct access to these properties from the default export object.","wrong":"const { StandardContext, SpelExpressionEvaluator } = require('spel2js');","symbol":"StandardContext, SpelExpressionEvaluator","correct":"import { StandardContext, SpelExpressionEvaluator } from 'spel2js';"},{"note":"For CommonJS environments, the entire module is imported as a singleton object. Direct named imports (`import { Name } from 'pkg'`) may not work as expected in pure CJS without transpilation or specific interop settings.","wrong":"import spel2js from 'spel2js';","symbol":"require('spel2js')","correct":"const spel2js = require('spel2js');"}],"quickstart":{"code":"import { StandardContext, SpelExpressionEvaluator } from 'spel2js';\n\n// Mock Spring Security Authentication object and a principal object\nconst mockAuthentication = {\n  details: {\n    name: 'Darth Vader'\n  },\n  isAuthenticated: true\n};\n\nconst mockPrincipal = {\n  username: 'dvader',\n  roles: ['SITH_LORD', 'EMPIRE_ADMIRAL']\n};\n\n// Locals represent specific objects in the expression context\nconst locals = {\n  toDoList: {\n    owner: 'Darth Vader',\n    items: ['Destroy Alderaan', 'Build Death Star']\n  }\n};\n\nconst expression = '#toDoList.owner == authentication.details.name && authentication.isAuthenticated';\n\n// Create an evaluation context with mock data\nconst spelContext = StandardContext.create(mockAuthentication, mockPrincipal);\n\n// Evaluate the expression directly\nconst result = SpelExpressionEvaluator.eval(expression, spelContext, locals);\n\nconsole.log(`Expression: \"${expression}\"`);\nconsole.log(`Result: ${result}`); // Expected: true\n\n// Example of pre-compiling an expression for reuse\nconst compiledExpression = SpelExpressionEvaluator.compile('#toDoList.items.size() > 1');\nconst compiledResult = compiledExpression.eval(spelContext, locals);\nconsole.log(`Compiled expression result: ${compiledResult}`); // Expected: true","lang":"javascript","description":"This quickstart demonstrates how to set up an evaluation context, define local variables, and then evaluate a Spring Expression Language (SpEL) expression using `SpelExpressionEvaluator.eval()` or a pre-compiled expression."},"warnings":[{"fix":"Review and comply with the Apache License 2.0 terms. If prior versions under MIT were used, consider implications of updating.","message":"The license for spel2js was changed from MIT to Apache License. This change affects how the software can be used and distributed, requiring adherence to the Apache License 2.0 terms.","severity":"breaking","affected_versions":">=0.2.1"},{"fix":"Thoroughly test complex SpEL expressions in JavaScript to ensure they produce identical results to their Java counterparts, especially for security-sensitive logic. Open issues for discrepancies.","message":"SpEL2JS aims to replicate Java SpEL behavior but may exhibit subtle differences for complex expressions due to inherent differences between Java and JavaScript runtimes. The project maintainer explicitly states, 'if you come accross an expression that behaves differently than you would expect then please open an issue.'","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Exercise caution when using in new projects. Consider forking and updating for modern compatibility, or carefully vetting for security issues. Expect manual intervention for ESM compatibility in many build environments.","message":"The project appears to be unmaintained, with the last significant release activity around 2016. This means it may not be compatible with modern JavaScript features, build tools, or Node.js versions beyond `8.x` (as specified in `engines`). It also implies potential unaddressed security vulnerabilities or bugs.","severity":"gotcha","affected_versions":">=0.1.0"},{"fix":"Ensure the `authentication` and `principal` objects passed to `StandardContext.create()` precisely match the structure and properties expected by `spel2js` as documented or reverse-engineered from its source code, especially for properties accessed within SpEL expressions (e.g., `authentication.details.name`).","message":"The `StandardContext.create()` method expects `authentication` and `principal` arguments that mimic Spring Security's `Authentication` class and a principal object. Developers must construct these JavaScript objects manually to match the expected structure, which can be error-prone if not accurately replicated.","severity":"gotcha","affected_versions":">=0.1.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Change `const spel2js = require('spel2js');` to `import spel2js from 'spel2js';` and `const { StandardContext, SpelExpressionEvaluator } = require('spel2js');` to `import { StandardContext, SpelExpressionEvaluator } from 'spel2js';`.","cause":"Attempting to use CommonJS `require()` syntax in a pure ES module environment (e.g., in a modern Node.js project with `\"type\": \"module\"` in `package.json` or in a browser via modern bundlers).","error":"ReferenceError: require is not defined"},{"fix":"Remove `new` keyword. Access its members directly, e.g., `spel2js.StandardContext` or `spel2js.SpelExpressionEvaluator`.","cause":"Attempting to instantiate `spel2js` using `new spel2js()`. The library exports a pre-made singleton object, not a class or constructor.","error":"TypeError: spel2js is not a constructor"},{"fix":"Ensure that `authentication` and `principal` passed to `StandardContext.create()` are always valid object structures, even if empty, to avoid type validation errors within the library. Initialize them as `{}` if no specific data is available.","cause":"Passing `null` or `undefined` for `authentication` or `principal` arguments to `StandardContext.create()` when the SpEL expression expects properties from these objects, or when the library internally expects object references.","error":"Error: Invalid argument type: null. Expected: [object Object]"}],"ecosystem":"npm"}