{"id":8744766,"name":"expr-eval-fork","ecosystem":"npm","description":"Mathematical expression evaluator fork with exports map, prototype pollution and code injection security fixes","homepage":"https://github.com/jorenbroekema/expr-eval#readme","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/jorenbroekema/expr-eval","keywords_array":["expression","math","evaluate","eval","function","parser"],"namespace":null,"versions_count":5,"first_release_published_at":"2024-01-10T20:21:03.984Z","latest_release_published_at":"2026-02-02T12:43:10.921Z","latest_release_number":"3.0.3","last_synced_at":"2026-06-05T16:12:37.652Z","created_at":"2024-01-11T05:35:44.847Z","updated_at":"2026-06-05T16:12:37.653Z","registry_url":"https://www.npmjs.com/package/expr-eval-fork","install_command":"npm install expr-eval-fork","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"3.0.3"}},"repo_metadata":{"id":216550464,"uuid":"741627702","full_name":"jorenbroekema/expr-eval","owner":"jorenbroekema","description":"Mathematical expression evaluator in JavaScript","archived":false,"fork":true,"pushed_at":"2026-02-02T12:46:47.000Z","size":413,"stargazers_count":7,"open_issues_count":0,"forks_count":6,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-05-23T21:21:59.155Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://silentmatt.com/javascript-expression-evaluator/","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"silentmatt/expr-eval","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jorenbroekema.png","metadata":{},"created_at":"2024-01-10T19:31:05.000Z","updated_at":"2026-05-05T17:13:07.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/jorenbroekema/expr-eval","commit_stats":null,"previous_names":["jorenbroekema/expr-eval"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jorenbroekema/expr-eval","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorenbroekema","download_url":"https://codeload.github.com/jorenbroekema/expr-eval/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33452411,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-24T19:21:36.376Z","status":"ssl_error","status_checked_at":"2026-05-24T19:21:10.562Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"jorenbroekema","name":"Joren Broekema","uuid":"36734656","kind":"user","description":"Style Dictionary maintainer. Creator of code-workshop-kit. Design Systems and Web Components enthousiast.","email":"joren.broekema@gmail.com","website":"https://code-workshop-kit.com","location":"Netherlands, Utrecht","twitter":"jorenbroekema","company":"https://github.com/divriots","icon_url":"https://avatars.githubusercontent.com/u/36734656?u=9a5ae1beb0cf950cc43d31df5a17a4d37b9af195\u0026v=4","repositories_count":127,"last_synced_at":"2025-10-20T07:59:27.945Z","metadata":{"has_sponsors_listing":true},"html_url":"https://github.com/jorenbroekema","funding_links":["https://github.com/sponsors/jorenbroekema"],"total_stars":39,"followers":111,"following":18,"created_at":"2022-11-13T03:50:30.343Z","updated_at":"2025-10-20T07:59:27.945Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorenbroekema","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jorenbroekema/repositories"},"tags":[]},"repo_metadata_updated_at":"2026-06-03T15:14:26.353Z","dependent_packages_count":0,"downloads":4883140,"downloads_period":"last-month","dependent_repos_count":0,"rankings":{"downloads":null,"dependent_repos_count":33.86402652290189,"dependent_packages_count":48.26359369545045,"stargazers_count":null,"forks_count":null,"docker_downloads_count":null,"average":41.063810109176174},"purl":"pkg:npm/expr-eval-fork","advisories":[{"uuid":"GSA_kwCzR0hTQS04Z3czLXJ4aDQtdjZqeM4ABOjV","url":"https://github.com/advisories/GHSA-8gw3-rxh4-v6jx","title":"expr-eval vulnerable to Prototype Pollution","description":"npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2025-11-14T18:31:39.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.3,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","references":["https://nvd.nist.gov/vuln/detail/CVE-2025-13204","https://github.com/jorenbroekema/expr-eval","https://github.com/silentmatt/expr-eval","https://www.npmjs.com/package/expr-eval-fork","https://github.com/silentmatt/expr-eval/pull/252/files","https://github.com/SECCON/SECCON2022_final_CTF/blob/main/jeopardy/web/babybox/solver/solver.py","https://github.com/vladko312/extras/blob/f549d505af300fd74a01b46fab2102990ff1c14d/expr-eval.py","https://www.huntr.dev/bounties/1-npm-expr-eval","https://github.com/jorenbroekema/expr-eval/commit/6c475a118643ae0efe012de283e932fb8b74324b","https://github.com/silentmatt/expr-eval/commit/6e889e0e75c50ac37d70c35388602025650e0c50","https://github.com/advisories/GHSA-8gw3-rxh4-v6jx"],"source_kind":"github","identifiers":["GHSA-8gw3-rxh4-v6jx","CVE-2025-13204"],"repository_url":null,"blast_radius":0.0,"created_at":"2025-11-17T19:00:08.870Z","updated_at":"2026-05-30T19:02:35.950Z","epss_percentage":0.00056,"epss_percentile":0.17562,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Z3czLXJ4aDQtdjZqeM4ABOjV","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04Z3czLXJ4aDQtdjZqeM4ABOjV","packages":[{"ecosystem":"npm","package_name":"expr-eval-fork","versions":[{"first_patched_version":"2.0.2","vulnerable_version_range":"\u003c 2.0.2"}],"purl":"pkg:npm/expr-eval-fork"},{"ecosystem":"npm","package_name":"expr-eval","versions":[{"first_patched_version":null,"vulnerable_version_range":"\u003c= 2.0.2"}],"purl":"pkg:npm/expr-eval"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Z3czLXJ4aDQtdjZqeM4ABOjV/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/expr-eval-fork","docker_dependents_count":1,"docker_downloads_count":7186,"usage_url":"https://repos.ecosyste.ms/usage/npm/expr-eval-fork","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/expr-eval-fork/dependencies","status":null,"funding_links":["https://github.com/sponsors/jorenbroekema"],"critical":null,"issue_metadata":{"last_synced_at":"2026-05-03T00:14:45.303Z","issues_count":0,"pull_requests_count":4,"avg_time_to_close_issue":null,"avg_time_to_close_pull_request":5053720.25,"issues_closed_count":0,"pull_requests_closed_count":4,"pull_request_authors_count":3,"issue_authors_count":0,"avg_comments_per_issue":null,"avg_comments_per_pull_request":1.25,"merged_pull_requests_count":1,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":0,"past_year_pull_requests_count":4,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":5053720.25,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":4,"past_year_pull_request_authors_count":3,"past_year_issue_authors_count":0,"past_year_avg_comments_per_issue":null,"past_year_avg_comments_per_pull_request":1.25,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":1,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/jorenbroekema%2Fexpr-eval/issues","maintainers":[{"login":"sei-vsarvepalli","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/sei-vsarvepalli"},{"login":"jorenbroekema","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jorenbroekema"}],"active_maintainers":[{"login":"sei-vsarvepalli","count":2,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/sei-vsarvepalli"},{"login":"jorenbroekema","count":1,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jorenbroekema"}]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/expr-eval-fork/codemeta","maintainers":[{"uuid":"jorenbroekema","login":"jorenbroekema","name":null,"email":"joren.broekema@gmail.com","url":null,"packages_count":94,"html_url":"https://www.npmjs.com/~jorenbroekema","role":null,"created_at":"2024-01-11T05:36:49.973Z","updated_at":"2024-01-11T05:36:49.973Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jorenbroekema/packages"}]}