Class SafeExpressionEvaluator

Safe expression evaluator that prevents arbitrary code execution while supporting common boolean expressions and property access patterns.

Supported operations:

• Comparison: ==, ===, !=, !==, <, >, <=, >=
• Logical: &&, ||, !
• Property access: dot notation (e.g., payload.customer.name)
• Array access: bracket notation (e.g., items[0])
• Safe methods: .length, .includes(), .startsWith(), .endsWith()
• Array methods: .some(), .every(), .find(), .filter()
• Type checking: typeof, instanceof (limited to safe types)

SafeExpressionEvaluator

Example

const evaluator = new SafeExpressionEvaluator();

// Simple comparison
const result1 = evaluator.evaluate(
  "status == 'active'",
  { status: 'active' }
);

// Nested property access
const result2 = evaluator.evaluate(
  "payload.customer.tier == 'premium' && payload.order.total > 1000",
  { payload: { customer: { tier: 'premium' }, order: { total: 1500 } } }
);

// Array methods
const result3 = evaluator.evaluate(
  "items.some(item => item.price > 100)",
  { items: [{ price: 50 }, { price: 150 }] }
);
Copy