The Function constructor is eval

[thr0w]

I'm using Function constructor because need pass parameters to code. But standard not accept it.

What you suggest to do?

var code = 'param.sum = param.a + param.b'
var fn = new Function('param', code)
var res = fn({a: 1, b: 2})
assert(res.sum, 3)

[julien-f]

I don't understand your need, why not simply create a regular function?

function fn (param) {
  param.sum = param.a + param.b
  return param
}
var res = fn({a: 1, b: 2})
assert(res.sum, 3)

[thr0w]

Because code is generated. I need eval or new Function. I'm choosing for new Function because eval expose all my context.

[julien-f]

Standard is based on ESLint and there is a way to ignore some warnings, check in the README.

[thr0w]

Ok @julien-f , thanks. I will disable in my code.

But what do you think? If it's necessary parse a generated code why use eval? Eval expose all scope to the evaluated code, it's not safe.

[julien-f]

I am not sure I understand your question :p

It is probably indeed better to use new Function() than eval() but it's still risky and that is why you have to manually disable the warning.

[thr0w]

ok. Sorry. It's explained here.
https://jslinterrors.com/the-function-constructor-is-eval

Thank you

[yoshuawuyts]

@thr0w you might be interested in https://github.com/mafintosh/generate-function