From 273cb81da06e198815121d1d3c82f737d3fee0fe Mon Sep 17 00:00:00 2001
From: Felix Roos
Date: Sun, 15 May 2022 00:35:17 +0200
Subject: [PATCH] use Function instead of eval

- fixes scope issues (e.g. seq duplication)
- should be much safer and much faster
---
 packages/eval/evaluate.mjs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/packages/eval/evaluate.mjs b/packages/eval/evaluate.mjs
index 286e855a..9588ad7d 100644
--- a/packages/eval/evaluate.mjs
+++ b/packages/eval/evaluate.mjs
@@ -15,9 +15,13 @@ export const extend = (...args) => {
 Object.assign(globalThis, ...args);
 };
 
+function safeEval(str) {
+ return Function('"use strict";return (' + str + ')')();
+}
+
 export const evaluate = async (code) => {
 const shapeshifted = shapeshifter(code); // transform syntactically correct js code to semantically usable code
- let evaluated = await eval(shapeshifted);
+ let evaluated = await safeEval(shapeshifted);
 if (!isPattern(evaluated)) {
 console.log('evaluated', evaluated);
 const message = `got "${typeof evaluated}" instead of pattern`;
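Review bot: `safeEval` is still full dynamic code execution: `Function(...)` only removes access to the caller's local scope, and the evaluated string keeps everything reachable from `globalThis`, which `extend` just above populates, so the name and the "much safer" line in the description overstate what the helper provides. I would name it for what it does and add a comment such as `// not a sandbox: runs str with full global privileges; only pass code the user typed or explicitly accepted`. If `code` can arrive from a shared link or another untrusted source (not visible in this hunk), it needs a real isolation boundary; a Content-Security-Policy would have to allow `unsafe-eval` for `Function` just as for `eval`. Separately, a trailing `//` comment in `str` swallows the closing parenthesis, which a newline before it avoids: `'"use strict";return (' + str + '\n)'`. Input that is a statement list rather than a single expression may also stop parsing, depending on what `shapeshifter` emits; the body of `evaluate` continues past the end of the hunk.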