npm
Sign UpSign In

wrapeval

0.3.7 • Public • Published

NO WARRANT WARNING

  • Use at your own risk !

wrapeval

  • wrap eval in sanbox;
  • suggest to compile function and use later for performance
require('wrapeval')(`
console.log(Math.random())
`,{ console })

escape/hack cases

(function(){return this}())
this.constructor.constructor("return process")()
(function(){return this.constructor.constructor("return process")()}())
delete constructor.constructor;delete constructor;constructor.constructor('return process')()
delete constructor;constructor.constructor('return process')()
delete constructor;(function(){return this.constructor.constructor("return process")()}())

ref

http://perfectionkills.com/global-eval-what-are-the-options/#how_eval_works

Dependencies (0)

    Dev Dependencies (0)

      Package Sidebar

      Install

      npm i wrapeval

      Repository

      github.com/wanjochan/wrapeval

      Homepage

      github.com/wanjochan/wrapeval#readme

      Weekly Downloads

      1

      Version

      0.3.7

      License

      ISC

      Unpacked Size

      2.53 kB

      Total Files

      4

      Last publish

      Collaborators

      • cmptech
      Try on RunKit
      Report malware