For convenience, I have saved some javascript code centrally on Google Drive (defining classes and a few functions), which I would like to download and then deploy into workflows (i.e. load the code in as if it were written in the function node) for use in the given workflow.
I attempted this (and failed) and searched for workflows on n8n, but no luck.
Idea:
Some system to convert javascript into json
Load in the json and convert back into javascript in n8n?
Hey @pb84, to run remote JS code you can use eval() (but probably shouldn’t - see the MDN article for more details). Here’s a quick example downloading a zipped JS file, unzipping it and then executing it (printing foo to the console):
Great - yep thats fine; is there a safe way to store javascript remotely (e.g. via git) and then load in, or is eval (dangerous if there is injection) the only way?
The risk is that you won’t typically check the code before executing it. As per the article (it’s aimed at browser JS, but the point remains):
If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code (…)
So if your git repo is compromised, your n8n workflow could execute potentially malicious code. You could consider calculating and verifying a hash to avoid this, but then again I’d very much assume you want to update the code outside of n8n, so it’s expected to change.
That’s a risk assessment you would need to do yourself though.