Skip to content

Security Warning: Usage of eval in multiple files causes security risks and minification issues #722

Description

@dbarzin

Description:

Hello,

While building my project with Vite (vite v4.5.9) for production, I encountered several warnings related to the use of eval in multiple files within @maxgraph/core.

node_modules/@maxgraph/core/lib/serialization/ObjectCodec.js (682:28) 
Use of eval in "node_modules/@maxgraph/core/lib/serialization/ObjectCodec.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/view/GraphView.js (1044:22) 
Use of eval in "node_modules/@maxgraph/core/lib/view/GraphView.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/view/GraphView.js (1254:22) 
Use of eval in "node_modules/@maxgraph/core/lib/view/GraphView.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/editor/EditorPopupMenu.js (159:34) 
Use of eval in "node_modules/@maxgraph/core/lib/editor/EditorPopupMenu.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/editor/EditorPopupMenu.js (240:26) 
Use of eval in "node_modules/@maxgraph/core/lib/editor/EditorPopupMenu.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/serialization/codecs/editor/EditorToolbarCodec.js (157:71) 
Use of eval in "node_modules/@maxgraph/core/lib/serialization/codecs/editor/EditorToolbarCodec.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/serialization/codecs/editor/EditorToolbarCodec.js (169:53) 
Use of eval in "node_modules/@maxgraph/core/lib/serialization/codecs/editor/EditorToolbarCodec.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/serialization/codecs/StylesheetCodec.js (136:44) 
Use of eval in "node_modules/@maxgraph/core/lib/serialization/codecs/StylesheetCodec.js" is strongly discouraged as it poses security risks and may cause issues with minification.

node_modules/@maxgraph/core/lib/view/geometry/node/StencilShape.js (155:30) 
Use of eval in "node_modules/@maxgraph/core/lib/view/geometry/node/StencilShape.js" is strongly discouraged as it poses security risks and may cause issues with minification.

Using eval is generally discouraged due to security concerns and its impact on code optimization and minification. Would it be possible to replace these usages with safer alternatives?

Thank you for your time and for maintaining this project!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Fields

    No fields configured for Enhancement.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions