Loading in javascript (JS) from a remote data store for use in the function node

Describe the issue/error/question

For convenience, I have saved some javascript code centrally on Google Drive (defining classes and a few functions), which I would like to download and then deploy into workflows (i.e. load the code in as if it were written in the function node) for use in the given workflow.

I attempted this (and failed) and searched for workflows on n8n, but no luck.

Idea:

  • Some system to convert javascript into json
  • Load in the json and convert back into javascript in n8n?

I would be grateful for any feedback!

Please share the workflow

Share the output returned by the last node

Error

Hey @pb84, to run remote JS code you can use eval() (but probably shouldn’t - see the MDN article for more details). Here’s a quick example downloading a zipped JS file, unzipping it and then executing it (printing foo to the console):

1 Like

Thanks @MutedJam - is there a safe way of doing it?

E.g. I can load in a .txt file with the javascript code (that is safely stored)

This example loads a JS file, but it’s processed as a string anyway. So you can also use txt files here.

Great - yep thats fine; is there a safe way to store javascript remotely (e.g. via git) and then load in, or is eval (dangerous if there is injection) the only way?

The risk is that you won’t typically check the code before executing it. As per the article (it’s aimed at browser JS, but the point remains):

If you run eval() with a string that could be affected by a malicious party, you may end up running malicious code (…)

So if your git repo is compromised, your n8n workflow could execute potentially malicious code. You could consider calculating and verifying a hash to avoid this, but then again I’d very much assume you want to update the code outside of n8n, so it’s expected to change.

That’s a risk assessment you would need to do yourself though.

1 Like

When trying to execute something from the saved code, I get an error:

That is rather than sending to console, if you try and use the data in a subsequent part of the function, can’t seem to get it to work.

Have replaced the javascript code in your example with simply:

const test = "test";

(Have not offered a file link to avoid code injection, but I’m sure easy to replicate)

So if you’re looking to return something, consider the approach of defining a new Function instead of using eval like so:

JS File:

const test = "te" + "st";
return test;

Function node JS:

const customJs = $items('Move Binary Data')[0].json.js;
const foo = new Function(customJs)();

return [{json:{
  "return": foo
}}];

Result:

Workflow:

This is great, thanks so much.

Is there anyway to pass variables through the Function. E.g.

JS File:

function testFunction(var1,var2){
  return var1*var2;
}

Function node JS:

const customJs = $items('Move Binary Data')[0].json.js;
const foo = new Function(customJs(1,2))();

return [{json:{
  "return": foo
}}];

I get: Error: customJs is not a function when trying something like this

Hi pb84,
you could try something like this.

image

1 Like