evalUsage

Rendered from docs/alerts/evalUsage.md

Flags dynamic code execution primitives like eval(...) and new Function(...).

Implemented in: src/lib/detection/plugins/eval-usage.ts
Enabled by default: yes

What it means

The package contains code that can build and execute JavaScript from strings at runtime.

Why it matters

Dynamic execution is difficult to audit and is commonly used to hide payloads, decode obfuscated content, and execute remote code.

What to do

  • Determine where the executed string comes from (constant vs user/network input).
  • Check for decoding steps (base64, hex, XOR) feeding into eval.
  • Prefer alternatives that avoid dynamic execution.
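As an added illustration (this is not the scanner's own `eval-usage.ts` plugin, whose implementation is not shown here), the JavaScript below sketches how a detector can locate `eval(...)` and `new Function(...)` calls and report them with the fields listed under "Common fields", plus a heuristic classification of the executed string that follows the triage steps above: a pure string literal is auditable by reading it, an argument produced by a decoder such as `atob` or `Buffer.from(..., "base64")` is the classic obfuscation pattern, and anything else needs a closer look. The decoder list, the one-step lookup of a variable's declaration, and the sample source are assumptions of this example, not behaviour documented for the real plugin.

```javascript
// Added example (not the scanner's own eval-usage.ts plugin): a minimal,
// self-contained detector for dynamic code execution primitives in JavaScript
// source. It is text-based (no AST), so it will also match "eval(" inside
// comments or strings; a production plugin should parse the file instead.

// Dynamic execution APIs recognised here: the two the alert names. The real
// plugin's full list is not stated on the page.
const DYNAMIC_EXEC_APIS = [
  { api: 'eval', re: /\beval\s*\(/g },
  { api: 'new Function', re: /\bnew\s+Function\s*\(/g },
];

// Decoding helpers that commonly feed obfuscated payloads into eval
// (base64/hex via atob or Buffer.from, char-code assembly from XOR loops).
// Assumed list for this example.
const DECODER_RE = /\b(?:atob|Buffer\.from|String\.fromCharCode|unescape)\s*\(/;

// A single string literal (double, single or backtick quoted).
const STRING_LIT = /"(?:[^"\\]|\\.)*"|'(?:[^'\\]|\\.)*'|`(?:[^`\\]|\\.)*`/;
// An argument list made only of such literals, e.g. new Function("a", "return a").
const ALL_LITERALS = new RegExp(
  `^\\s*(?:${STRING_LIT.source})(?:\\s*,\\s*(?:${STRING_LIT.source}))*\\s*$`
);

// Return the text between the '(' at openIdx and its matching ')', honouring
// nested parentheses and string literals. Returns null if unterminated.
function extractArgs(source, openIdx) {
  let depth = 0;
  let quote = null;
  for (let i = openIdx; i < source.length; i++) {
    const ch = source[i];
    if (quote) {
      if (ch === '\\') i++;            // skip the escaped character
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')' && --depth === 0) {
      return { text: source.slice(openIdx + 1, i), endIdx: i };
    }
  }
  return null;
}

// One-step data-flow heuristic: if the argument is a bare identifier, look up
// its declaration (`const x = <expr>`) so decoding done on an earlier line is
// still seen. Not a real data-flow analysis.
function resolveIdentifier(source, arg) {
  const m = /^\s*([A-Za-z_$][\w$]*)\s*$/.exec(arg);
  if (!m) return arg;
  const name = m[1].replace(/\$/g, '\\$');
  const decl = new RegExp(`\\b(?:const|let|var)\\s+${name}\\s*=\\s*([^;\\n]+)`);
  const d = decl.exec(source);
  return d ? d[1] : arg;
}

// 'constant': only string literals, auditable by reading the code.
// 'decoded':  produced by a decoding call, the usual obfuscation pattern.
// 'dynamic':  anything else (variables, network input, concatenation).
function classifyArgument(source, arg) {
  const expr = resolveIdentifier(source, arg);
  if (ALL_LITERALS.test(expr) && !expr.includes('${')) return 'constant';
  if (DECODER_RE.test(expr)) return 'decoded';
  return 'dynamic';
}

function lineOf(source, idx) {
  let line = 1;
  for (let i = 0; i < idx; i++) if (source[i] === '\n') line++;
  return line;
}

// Produce findings in the shape the alert documents: filePath,
// lineStart/lineEnd, codeSnippet and a metadata object naming the API.
function scanForDynamicExecution(source, filePath = '<inline>') {
  const findings = [];
  for (const { api, re } of DYNAMIC_EXEC_APIS) {
    re.lastIndex = 0;
    let m;
    while ((m = re.exec(source)) !== null) {
      const openIdx = m.index + m[0].length - 1;
      const args = extractArgs(source, openIdx);
      if (!args) continue;
      findings.push({
        filePath,
        lineStart: lineOf(source, m.index),
        lineEnd: lineOf(source, args.endIdx),
        codeSnippet: source.slice(m.index, args.endIdx + 1),
        metadata: { api, argumentKind: classifyArgument(source, args.text) },
      });
    }
  }
  return findings.sort((a, b) => a.lineStart - b.lineStart);
}

// Constructed sample input for this example (not from any real package).
const SAMPLE_SOURCE = `
const config = eval("({ retries: 3 })");
const add = new Function("a", "b", "return a + b");
const payload = atob(process.env.BLOB || "");
eval(payload);
const run = new Function(Buffer.from(blob, "base64").toString());
`;

for (const f of scanForDynamicExecution(SAMPLE_SOURCE, 'lib/index.js')) {
  console.log(`${f.filePath}:${f.lineStart} ${f.metadata.api} [${f.metadata.argumentKind}] ${f.codeSnippet}`);
}
```

Run with `node` and the two `constant` findings on lines 2 and 3 are the ones to deprioritise, while the `decoded` findings on lines 5 and 6 (a base64 blob from the environment, and a `Buffer.from(..., "base64")` body) are exactly the decode-then-execute shape the alert warns about. Because the lookup of `payload` is a single regex over the file, a value assigned through a function parameter or an object property still comes back as `dynamic`; treat that label as "unknown origin, review", not as "safe".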

Common fields

  • filePath, lineStart/lineEnd, codeSnippet
  • metadata may include which dynamic execution API was detected