zarutian

Eval web demo Security Caveats This code runs in a Worker with { permissions: { write: false, read: false, net: false } } . This is likely very safe, but if you enable network access keep in mind that users might generate junk network traffic or attempt to make infinite loops. If sandboxed code knows the name of one of your private vals it will be able to import the code with import "https://esm.town/v/maxm/private" . If you enabled write: true in the Worker, the unix socket that Deno uses to communicate with the host can be deleted and intercepted. This might mean that evaluated code can steal the socket and read the next request. You should not use this to evaluate code that should not be read by a previous evaluation. All code is running on the same process and you are not protected from exotic attacks like speculative execution. Overview You can use this library to evaluate code: import { evalCode } from "https://esm.town/maxm/eval" console.log(await evalCode("export const foo = 1")) // => 1 You can use this library with https://www.val.town/v/maxm/transformEvalCode to return the last value without needing to export it. This is how the /eval api endpoint used to work and makes the library preform similarly to a repl. import { evalCode } from "https://esm.town/maxm/eval" import { transform } from "https://esm.town/maxm/transformEvalCode" console.log(await evalCode(transform("1+1"))) // => 2 Here's an example UI application that demonstrates how you can string this all together: https://maxm-evalui.web.val.run/ (source: https://www.val.town/v/maxm/evalUI) Security Model Code is evaluated using a dynamic import within a Worker. await import(`data:text/tsx,${encodeURIComponent(e.data)}`); Running the code withing a Worker prevents access to GlobalThis and window from leaking between evals. Similarly, access to Deno.env is prevented and evaluations will see errors when trying to access any environment variables. TODO: what else?

Usage import { openKv } from "https://esm.town/v/pomdtr/kv" const kv = openKv() await kv.set("test", true) console.log(await kv.get("test"))

Val Town CDN If you only want to get the source of a val, you should use https://esm.town/ instead. Usage curl https://pomdtr-cdn.web.val.run/<author>/<name>.<extension>[?v=<version>] To see the code of this val, use https://pomdtr-cdn.web.val.run/pomdtr/cdn.ts Examples Fetching the val code $ curl https://pomdtr-cdn.web.val.run/pomdtr/add.tsx You can also use js , jsx and ts extension (only the content-type change, there is no transpilation). Fetching private val Pass an api token as an username $ curl "https://<token>@pomdtr-cdn.web.val.run/pomdtr/privateVal.ts" Fetching the val README $ curl https://pomdtr-cdn.web.val.run/pomdtr/add.md Getting an image $ curl https://pomdtr-cdn.web.val.run/pomdtr/add.png Fetching a specific version of a val $ curl https://pomdtr-cdn.web.val.run/pomdtr/cdn.ts?v=66 You need to be authenticated to use this method. Fetching the val metadata $ curl https://pomdtr-cdn.web.val.run/pomdtr/add.json

* Composes multiple functions into a single function that passes the result of each function to the next * * @param {...Function} funs The functions to compose * @returns {Function} A function that represents the composed functions