Module for evaluating functional expressions


Javascript utility for secure evaluation of functional expressions.

Example usage:

result = funex("members[id].name.fullname()", model);
  • Expressions are evaluated and executed in a controled and secure scope
  • Minified source is under 2k (under 1k gzipped)
  • Function calls, dot notation, array/object members, strings, numbers
  • The syntax is a familiar subset of javascript
  • Simple because it is logic-less: no operators, statements or boolean logic
  • Throws readable syntax errors
  • Runs both in browser and on the server
  • No complex api or configuration, a single function to use
  • Compiled expressions can be cached and reused
  • Minimal overhead compared to native code
  • Extensive test suite and benchmarking
  • Open source and maintained on Github
  • Resolving richer but secure expressions in templating engines
  • Scenarios where third parties can customize portion of your apps without compromising security
  • To allow secure macros in extendable apps
  • For computable values in configurable apps

For now it is a single "funex.js" file, but it should soon be on node npm

// Declare a context with the allowed data
context = {
    dogs : {
        names: ["fido", "ricky"],
    join: function (a, b) {


// Compile the expression into a function
fn = funex("join(dogs.names[0], '-',[1])");

// Call the function with a context
var fn(context);
  • Support evaluation of async expressions with a standard callback
  • Test coverage report
  • More tests
  • Detailed syntax documentation
  • A pretty web-site