security - Modules in Javascript with eval(); - Stack Overflow

Every JavaScript developer knows: eval is evil.

But since I am looking for the ultimate module technology in JavaScript, I read something very interesting about someone using eval as a module loader, which has 2 main benefits:

  • Faster loading for mobile, because it's loading a whole string at once
  • Script separation without doing fancy define wrappers like require.js in each module

So what's that all about? And could it be a solution to only load several functions through eval? I mean from a security aspect...

Edit: sorry, forgot the link to the article: Article

asked May 6, 2013 at 9:17 by David Fariña

Comments:

  • I think evaling static strings that you have 100% control over (your code - that you were planning on executing anyway, just lazy loaded) is fine. – Patashu, May 6, 2013 at 9:37
  • I don't really understand why you would load code as a string, not as a script file, and why that would be faster? – Bergi, May 6, 2013 at 10:19
  • Hard to debug evaluated script. No optimization. But this is "good eval": youtube.com/watch?v=Kdwwvps4J9A – 3y3, May 6, 2013 at 10:43

1 Answer

Because of the high latency on 3G connections, a single HTTP request, even with more data, is often a lot faster than multiple smaller requests.

What that article proposes is combining multiple modules into one file like this:

var modules = {
    'main.js': 'alert("Main module")',
    'another.js': 'alert("Another module")',
    'notUsed.js': 'alert("I am never used")',
};

That way they can all be downloaded with a single HTTP request which is faster, and you can still only include/evaluate the modules you need.

e.g. you could do:

var requireFile = function(file) {
    if(modules[file])
        eval(modules[file]);
};

requireFile('main.js');
requireFile('another.js');

and only main.js and another.js would be evaluated, notUsed.js would just be ignored.

Security-wise, it shouldn't be any different to including them via the <script> tag, provided whatever you use to combine the scripts can't accidentally combine/include other files/strings too.

So from a security perspective, there shouldn't be any difference between the above and this:

<script src="main.js"></script>
<script src="another.js"></script>

Of course you still have the other disadvantages of eval.
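
The condition in the answer above (the combining step must not pick up other files or strings) can be enforced at build time and at load time. The following is an added example, not code from the original answer or the linked article; `buildBundle`, `makeLoader`, `SOURCES` and the `secrets.txt` entry are hypothetical names, and the module sources are constructed sample input.

```javascript
// Constructed sample sources standing in for files on disk (hypothetical names).
const SOURCES = {
  'main.js': 'globalThis.evaluated.push("main")',
  'another.js': 'globalThis.evaluated.push("another")',
  'notUsed.js': 'globalThis.evaluated.push("notUsed")',
  'secrets.txt': 'globalThis.evaluated.push("secrets")' // must never be bundled
};

// Build step: bundle only names on an explicit allowlist, never a directory glob.
function buildBundle(allowlist, readSource) {
  const modules = Object.create(null); // no inherited keys such as "constructor"
  for (const name of allowlist) {
    if (!/^[A-Za-z0-9_-]+\.js$/.test(name)) {
      throw new Error('refusing to bundle: ' + name);
    }
    const source = readSource(name);
    if (typeof source !== 'string') {
      throw new Error('no source for: ' + name);
    }
    modules[name] = source;
  }
  return Object.freeze(modules); // entries cannot be added or swapped at runtime
}

// Loader: evaluates only own string entries of the bundle, each at most once.
function makeLoader(modules) {
  const done = new Set();
  return function requireFile(file) {
    if (!Object.prototype.hasOwnProperty.call(modules, file)) return false;
    if (typeof modules[file] !== 'string') return false;
    if (!done.has(file)) {
      done.add(file);
      (0, eval)(modules[file]); // indirect eval: global scope, no loader locals
    }
    return true;
  };
}

globalThis.evaluated = [];
const bundle = buildBundle(['main.js', 'another.js', 'notUsed.js'],
  (name) => SOURCES[name]);
const requireFile = makeLoader(bundle);
requireFile('main.js');
requireFile('another.js');
```

The loader returns `false` for any name that is not an own entry of the frozen bundle, so the set of strings that can ever reach `eval` is fixed when the bundle is built.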
