7 Alternatives of eval in JavaScript

JavaScript provides the eval() function, which allows developers to execute a string of code as if it were written directly in the script. However, using eval() can be a security risk, as it could potentially execute malicious code from an untrusted source. Therefore, it is important to consider alternative ways of evaluating a string of code in JavaScript.

1. Function

One alternative to using eval() is to use the Function constructor. The Function constructor allows you to create a new function from a string of code, which can then be executed. Here’s an example of how you might use it:

let code = "console.log('Hello, world!')";
let func = new Function(code);

2. runInThiscontext

Another alternative is to use the vm module, which provides a runInThisContext() function that can be used to execute a string of code in the current context. Here’s an example of how you might use it:

let vm = require('vm');
let code = "console.log('Hello, world!')";

3. Esprima

Another way is to use a JavaScript interpreter library such as Acorn or Esprima, which allows you to parse and analyze JavaScript code without actually executing it. Here’s an example of how you might use Esprima to parse a string of code:

let esprima = require('esprima');
let code = "console.log('Hello, world!')";
let ast = esprima.parseScript(code);

This will give you an Abstract Syntax Tree (AST) representation of the code, which you can then analyze and manipulate as needed. This approach allows you to examine the code and check if it’s safe to execute before running it.

4. setTimeout() or setInterval()

One more way is to use setTimeout() or setInterval() functions. These functions accept a string of code as their first argument, but they execute it as a function instead of evaluating it directly.

setTimeout("console.log('Hello, world!')", 1000);

5. window

One of the alternatives is to use the window object to access the global scope and retrieve the library directly. The window object represents the global scope in JavaScript and is a property of the window object. By using the window object, we can access the properties and methods of the global scope directly, without having to use eval().

For example, let’s say we have a string that represents the name of a JavaScript library, such as ‘Math’, and we want to use it to access the functions of that library. Instead of using eval(), we can use the window object to access the Math library directly.

let libString = 'Math';
let lib = window[libString];
let result = lib.sqrt(4);
console.log(result); // 2

6. Object.getOwnPropertyDescriptor()

Another approach is to use Object.getOwnPropertyDescriptor() method to access the property descriptor of the object and check if it is a function or not. This method allows you to retrieve the property descriptor of an object, which includes information about the property’s value, writability, enumerability, and configurability.

let libString = 'Math';
let descriptor = Object.getOwnPropertyDescriptor(window, libString);
if (descriptor && typeof descriptor.value === 'object') {
    let lib = descriptor.value;
    let result = lib.sqrt(4);
    console.log(result); // 2

7. Using JavaScript Object:

We can use javascript as an alternative of eval in many cases. This is useful in many conditions, let see how can we use this approach.

Considering that we have one module which we want to use on runtime on basis of some condition.


import {customLib} = require("/cutomlib") // supose this lib has one method find

let obj = {"customLib" : customLib}
let key = "customLib";

Leave a Reply