Vulnerability in expr-eval

Vulnerability in expr-eval

Summary

There is a vulnerability discovered in the npm package expr-eval. From the reports it seems quite bad.

https://www.bleepingcomputer.com/news/security/popular-javascript-library-expr-eval-vulnerable-to-rce-flaw/

https://nvd.nist.gov/vuln/detail/CVE-2025-12735

There is a fork we could switch to for now, since the authors of the original repo is unresponsive.