PHPackages vanderlee/expression - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Parsing & Serialization](/categories/parsing) 4. / 5. vanderlee/expression ActiveLibrary[Parsing & Serialization](/categories/parsing) vanderlee/expression ==================== Safe, eval()-based simple and extendable expression parser 1.0.2(2y ago)59.2k↓32.1%[1 issues](https://github.com/vanderlee/PHP-Expression/issues)MITPHPPHP >=7.1 Since Apr 4Pushed 2y ago3 watchersCompare [ Source](https://github.com/vanderlee/PHP-Expression)[ Packagist](https://packagist.org/packages/vanderlee/expression)[ Docs](https://github.com/vanderlee/PHP-Expression)[ RSS](/packages/vanderlee-expression/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (1)Versions (5)Used By (0) PHP-Expression ============== [](#php-expression) Version 1.0.2 [![Build Status](https://camo.githubusercontent.com/f9f92c6d224bf74428f4a7e020b8a6fec5661f5293bf4353be647b4895d5cc91/68747470733a2f2f7472617669732d63692e6f72672f76616e6465726c65652f5048502d45787072657373696f6e2e737667)](https://travis-ci.org/vanderlee/PHP-Expression) Simple and fast PHP expression parser, based on secure use of eval(). Compatible with PHP 7.1 and up. Using eval() is evil() ---------------------- [](#using-eval-is-evil) This class tries to expose a subset of PHP functionality not by removing the bad features, but by explicitely allowing only the good features. IF YOU FIND ANY (POTENTIAL) SECURITY ISSUE, PLEASE REPORT! Since PHP-Expression uses `eval()`, it can also handle PHP syntax, including parenthesis, arithmetic, functions and more. Things you are allowed to do ---------------------------- [](#things-you-are-allowed-to-do) - Use numbers, either floating-point or integer, including negative. - Use a number of different bases, such as decimal, octal, hexadecimal. - Use most basic math functions such as `abs()`, `min()`, `max()` and `sqrt()`. - Use basic arithmetic operators `+`, `-`, `*`, `/` and `%`. - Use parenthesis. - Use comparisons (`true`/`false` returns `1`/`0` decimal). - Use boolean operators in comparisons. - Use bitwise operators. - Use textual boolean operators like `and`, `xor` and `or` Things we've added ------------------ [](#things-weve-added) - Binary numbers, using a `0b` prefix. i.e. `0b1001110`. - New functions/function aliasses. - Support to use number "types" using prefixes. - Boolean operator `^^` for logical XOR (same as `xor`). - Textual boolean operator `not` (same as `!`). Things you should NOT be able to do ----------------------------------- [](#things-you-should-not-be-able-to-do) - Access functions not explicitely permitted. - Access static classs method not explicitely permitted. - Access class properties or functions. - Access system constants. - Access variables, local or global. - Access Expression class itself. - Access namespace functions. - Access arrays of any kind, using either brackets or accolades. - Use strings. - Return anything except numbers (integer or floating-point, 1/0 for boolean results). Things you cannnot do --------------------- [](#things-you-cannnot-do) - Ternary operator (`x ? y : z`) not supported. - Elvis operator (`x ?: z`) not supported. - Null-coalescing operator (`x ?? z`) not supported. - Spaceship operator (`x y`) only supported on PHP 7 and up (it's a PHP 7 feature). Available functions ------------------- [](#available-functions) TODO Disclaimers ----------- [](#disclaimers) Though this class has been tested and independantly reviewed by several people, I cannot make any absolute 100% guarantee that it cannot be hacked. If you find any potential security problem, please let us know. Even though the Expression class itself is supposed to be secure, the return value may still be abused if your code does not check for validity. Only numbers can be returned, but if your code crashes on a number "666", the Expression class cannot and will not be able to protect you. Check for valid ranges. ### Health Score 33 — LowBetter than 75% of packages Maintenance16 Infrequent updates — may be unmaintained Popularity30 Limited adoption so far Community8 Small or concentrated contributor base Maturity61 Established project with proven stability Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~859 days Total 4 Last Release 755d ago Major Versions 0.2.2 → 1.0.02019-03-02 PHP version history (2 changes)0.2.2PHP >=5.2.0 1.0.1PHP >=7.1 ### Community Maintainers ![](https://www.gravatar.com/avatar/59428f021d3985e299ebd676bbe50fa592430f8dd1d57af38df8833b19079ee8?d=identicon)[vanderlee](/maintainers/vanderlee) --- Top Contributors [![vanderlee](https://avatars.githubusercontent.com/u/649240?v=4)](https://github.com/vanderlee "vanderlee (16 commits)") --- Tags parsermathexpressioneval ### Code Quality TestsPHPUnit ### Embed Badge ![Health badge](/badges/vanderlee-expression/health.svg) ``` [![Health](https://phpackages.com/badges/vanderlee-expression/health.svg)](https://phpackages.com/packages/vanderlee-expression) ``` ### Alternatives [nikic/php-parser A PHP parser written in PHP 17.4k902.6M1.8k](/packages/nikic-php-parser)[doctrine/lexer PHP Doctrine Lexer parser library that can be used in Top-Down, Recursive Descent Parsers. 11.2k910.8M118](/packages/doctrine-lexer)[madorin/matex PHP Mathematical expression parser and evaluator 1161.2M1](/packages/madorin-matex)[masterminds/html5 An HTML5 parser and serializer. 1.8k242.8M229](/packages/masterminds-html5)[matomo/device-detector The Universal Device Detection library, that parses User Agents and detects devices (desktop, tablet, mobile, tv, cars, console, etc.), clients (browsers, media players, mobile apps, feed readers, libraries, etc), operating systems, devices, brands and models. 3.5k23.5M111](/packages/matomo-device-detector)[nxp/math-executor Simple math expressions calculator 2281.7M7](/packages/nxp-math-executor) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)