search

ProtoDef-io / node-protodefc

node.js ProtoDef implementation using protodefc and protodefc-prebuilt
MIT License
2 stars 0 forks source link

Don't use eval (evil) #6

Closed ghost closed 6 years ago

ghost commented 6 years ago

It appears that Node can facilitate loading a module from a string by using https://nodejs.org/api/modules.html

    const Module = require('module')
    const m = new Module('', module.parent)
    m._compile('module.exports = "Hello"', '')
    console.log(m.exports)
rom1504 commented 6 years ago

Ok but this is still very much equivalent of to eval. And eval is ok if you control the input. (Which we do)

On Thu, May 31, 2018, 03:45 mhsjlw notifications@github.com wrote:

It appears that Node can facilitate loading a module from a string by using https://nodejs.org/api/modules.html

const Module = require('module')
const m = new Module('', module.parent)
m._compile('module.exports = "Hello"', '')
console.log(m.exports)

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/ProtoDef-io/node-protodefc/issues/6, or mute the thread https://github.com/notifications/unsubscribe-auth/ACPN_kN8XSFB9kmJMiJFt-pimkMoymWYks5t30smgaJpZM4UUSXv .

ghost commented 6 years ago

I believe optimizations are gained when this is used (like caching perhaps). I'll look into it.

ghost commented 6 years ago

Doesn't add any improvements, see Module documentation for more detail, but this is effectively equivalent to eval