funex

Module for evaluating functional expressions

npm install funex
18 downloads in the last week
36 downloads in the last month

Funex

Javascript utility for secure evaluation of functional expressions.

Example usage:

result = funex("members[id].name.fullname()", model);

Features

  • Expressions are evaluated and executed in a controlled and secure scope
  • Minified source is around 2k
  • Supports function calls, dot notation, array/object members, strings, numbers
  • Use array of objects to simulate closures.
  • The syntax is a familiar subset of javascript
  • Simple because it is logic-less: no operators, statements or boolean logic.
  • Throws readable syntax errors
  • Runs both in browser and on the server
  • No complex api or configuration, a single function to use
  • Compiled expressions can be cached and reused
  • Minimal overhead compared to native code
  • Extensive test suite and benchmarking
  • Open source and maintained on Github

Usefull for ...

  • Resolving richer but secure expressions in templating engines
  • Scenarios where third parties can customize portion of your apps without compromising security
  • To allow secure macros in extendable apps
  • For computable values in configurable apps

Installation

For now it is a single "funex.js" file, but it should soon be on node npm

Usage

// Declare a context with the allowed data
context = {
    dogs : {
        names: ["fido", "ricky"],
    }
    join: function (a, b) { return a+"-"+b }
}

// Compile the expression into a function
fn = funex("join(dogs.names[0], dogs.name[1])");

// Call the function with a context
var value = fn(context);

Usage with closures

// Declare the context with an array of objects with item 0 being the top most frame
context = [
    {
        dogs : {
            names: ["fido", "ricky"],
        }
    },
    {
        join: function (a, b) { return a+"-"+b }
    }
]

// Compile the expression into a function
fn = funex("join(dogs.names[0], dogs.name[1])");

// Call the function with a context
var value = fn(context);

Roadmap

  • Support evaluation of async expressions with a standard callback
  • npm installation
  • Test coverage report
  • Detailed syntax documentation
  • A pretty web-site
npm loves you