Is expr-eval safe to use?

expr-eval has 1 known vulnerabilities on the latest version (2.0.2). DepScope rates its health at 53/100 (high risk).

What is the latest version of expr-eval?

The latest version of expr-eval is 2.0.2, released 2019-09-28.

Does expr-eval have known vulnerabilities?

Yes. expr-eval has 1 known vulnerabilities. See depscope.dev/pkg/npm/expr-eval for details.

Is expr-eval deprecated?

No, expr-eval is actively maintained. Latest release: 2.0.2 (2019-09-28).

What are alternatives to expr-eval?

Popular alternatives to expr-eval in npm include: ?, semver, minimatch, debug, brace-expansion.

What license does expr-eval use?

expr-eval is licensed under MIT.

expr-eval

npmv2.0.2

Mathematical expression evaluator

License MITpermissive17 versions1 maintainers0 deps514,162 weekly dl

silentmatt/expr-eval

/ 100

Health

update required

[email protected] has vulnerabilities — update to latest

Update to >= 3.0.1 to fix known vulnerabilities

Moderate health score (53/100) — verify manually
1 high severity vulnerabilities

Health breakdown0 – 100

0/25

maintenance

14/20

popularity

20/25

security

12/15

maturity

7/15

community

0/15

popularity_floor

Vulnerabilities

1 high

Advisories (1)

Severity	ID	Summary	Fixed in
high	CVE-2025-12735	expr-eval does not restrict functions passed to the evaluate function	3.0.1

Bundle & TypeScript

📦

Bundle Size

24.6 KBminified

7.4 KB gzipped

0 direct dependencies

ESMside effects

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/expr-eval