The seval takes arbitrary untrusted JavaScript code as a text string, and uses
static analysis to determine if it can be securely run or not.
The seval library parses the untrusted JavaScript code using acorn, and
finds any uses of unsafe constucts such as function calls and property accesses.
By default, seval also forbids the use of for and while loops, since
these can potentially block the running thread forever.
It either stands for "Safe eval", or "Stupid eval", depending on if any security holes are found in the library.
const code = new Sevaluator("const answer = arguments[0] * 2; return answer;")
assert.equal(code.run([21]), 42);
const codeWithLoop = new Sevaluator(
`
let acc = 0;
for (let n = 0; n < 100; n++) {
if (n % 2 === 0) {
acc += 1000;
} else {
acc *= 2;
}
}
return acc;
`,
{ allowLoops: true },
);
assert.equal(codeWithLoop.run([]), 2251799813685246);