Node.js Module Content Evaluator
The `eval` package for Node.js provides a mechanism to evaluate JavaScript code strings as if they were standalone modules loaded via `require()`, but without necessitating a file path. It leverages Node.js's built-in `vm` module to create a sandboxed environment for execution. This allows developers to programmatically load and execute module content from non-standard locations or inject custom contexts and scopes into the evaluated code. A key feature is the ability to control access to global variables, including `require()` itself, through an `includeGlobals` option. The package is currently at version 0.1.8, indicating a very mature or, more likely, an inactive development status. Its release cadence is effectively dormant. It differentiates itself from a simple `eval()` by mimicking Node's module loading environment, making it suitable for scenarios requiring dynamic module-like code execution within a controlled environment.
Common errors
- `ReferenceError: require is not defined`
  - cause: The evaluated content attempted to use `require()` or other global Node.js objects without explicitly enabling global access.
  - fix: Pass `true` as the `includeGlobals` argument (the fourth parameter) to the `_eval` function: `_eval(content, filename, scope, true)`.
- `TypeError: _eval is not a function`
  - cause: Attempting to import the `_eval` function using ECMAScript Modules (ESM) `import` syntax.
  - fix: This package is CommonJS-only. Use `const _eval = require('eval')` to correctly import the function.
Warnings
- breaking: The package is effectively abandoned (version 0.1.8, last commit likely from 2013-2014 based on common Node.js ecosystem patterns of the time). This implies no future bug fixes, security patches, or compatibility updates for newer Node.js versions, which could lead to unexpected behavior or security issues.
- gotcha: The `includeGlobals` option can expose sensitive Node.js global objects (like `process`, `require`, `module`, etc.) to the evaluated code. If the code `content` originates from an untrusted source, this can lead to severe security vulnerabilities.
- gotcha: This package relies on Node.js's `vm` module, which has seen various improvements and behavioral changes across Node.js versions. Given the package's age, its implementation might have subtle differences or limitations compared to modern `vm` usage in newer Node.js environments.
Install
- `npm install eval`
- `yarn add eval`
- `pnpm add eval`
Imports
- _eval
  - wrong: `import _eval from 'eval'`
  - correct: `const _eval = require('eval')`
Quickstart
```javascript
const _eval = require('eval');

// Example 1: Evaluate a simple assignment and export
let res1 = _eval('var x = 123; exports.x = x');
console.log('Result 1 (simple export):', res1); // Expected: { x: 123 }

// Example 2: Evaluate a function export
let res2 = _eval('module.exports = function () { return 456 }');
console.log('Result 2 (function export call):', res2()); // Expected: 456

// Example 3: Evaluate with global access (e.g., process)
// Note: The `true` argument enables `includeGlobals`.
let res3 = _eval('exports.pid = process.pid', 'dummy.js', {}, true);
console.log('Result 3 (process.pid):', res3.pid); // Expected: current process ID

// Example 4: Evaluate with a custom scope
let customScope = { myVar: 'hello world' };
let res4 = _eval('exports.message = `The var is ${myVar}`', 'scope.js', customScope);
console.log('Result 4 (custom scope):', res4.message); // Expected: "The var is hello world"
```