SEC003errorFree tier

eval-usage

eval() executes arbitrary code and is a security risk

Applies to: JavaScript, Python, Ruby, TypeScript

Why this matters

eval() takes a string and executes it as code. If any part of that string comes from user input, attackers can run any code they want on your system. There's almost always a safer alternative.

Catch it before it ships

pip install stablestack # or: npx stablestackstablestack # scans your project, SEC003 includedstablestack explain SEC003

False positive in your codebase? Suppress a single line with # noqa: SEC003