Running path.evaluate() on "maliciously crafted code" causes a crash #17644

@enbyte

Description

How are you using Babel?

Programmatic API (babel.transform, babel.parse)

Input code

const parser = require("@babel/parser");
const traverse = require("@babel/traverse").default;

const source = `String({ toString: "".toUpperCase })`;

const ast = parser.parse(source);
traverse(ast, {
    Expression(path) {
        console.log("Evaluating expression:", path.node.type);  
        path.evaluate();
    }
});

Configuration file name

No response

Configuration

No response

Current and expected behavior

Currently, the path.evaluate() call crashes with "Maximum call stack size exceeded". This behavior is because:

  1. Since _evaluate allows functions to be assigned as property values, line 364 of babel-traverse/src/path/evaluation.ts sets the toString of the parsed object to toUpperCase.
  2. This object later has String() called on it or is converted to a string somewhere, and toString of it is called.
  3. toUpperCase.call(<object>) tries to convert the object to a string.
  4. Repeat

This behavior may be the expected behavior. isPure() evaluates to false, and just running this in a normal JavaScript REPL causes an error too. Should Babel crash when evaluating something that causes an error? I encountered this in the context of using Babel for deobfuscation - it's annoying in a wide-scope replace-path-with-eval-if-confident script but also very easy to catch. I would prefer that Babel just gives up like it does in some other cases (i.e. not following inherited properties in a MemberExpression) rather than crash.

Environment

OS: macOS 14.5
Node 20.19.5
@babel/traverse 7.28.5

Possible solution

No response

Additional context

No response
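
An added example, not part of the issue and not Babel's code: a guard that a fold-if-confident pass over untrusted input could put around path.evaluate(), turning the stack-exhaustion RangeError into a "not confident" result. The names safeEvaluate, foldAll, hostilePath and benignPath are hypothetical, and the two path objects are constructed stand-ins that only mimic the evaluate() return shape of a Babel NodePath so the block runs without Babel installed.

```javascript
// Wrap NodePath#evaluate() so one hostile expression cannot abort the whole pass.
// `path` is any object exposing evaluate() -> { confident, value } (Babel's shape).
function safeEvaluate(path) {
  try {
    return path.evaluate();
  } catch (err) {
    // Stack exhaustion ("Maximum call stack size exceeded") is a RangeError.
    // Treat it as "could not evaluate" and keep the original node.
    if (err instanceof RangeError) {
      return { confident: false, value: undefined, error: err };
    }
    throw err; // anything else is a genuine bug and must stay visible
  }
}

// The self-referential coercion from the issue, in plain JavaScript:
// String(obj) calls obj.toString(), which is toUpperCase with this === obj,
// which must convert obj to a string, which calls obj.toString() again.
function coerceSelfReferential() {
  return String({ toString: "".toUpperCase });
}

// Constructed stand-ins for NodePath objects (assumption: no Babel available).
const hostilePath = {
  evaluate: () => ({ confident: true, value: coerceSelfReferential() }),
};
const benignPath = {
  evaluate: () => ({ confident: true, value: 1 + 2 }),
};

// Fold every path that evaluates confidently; skip the rest untouched.
function foldAll(paths) {
  return paths.map((p) => {
    const result = safeEvaluate(p);
    return result.confident
      ? { folded: true, value: result.value }
      : { folded: false };
  });
}
```

Because the wrapper only calls evaluate(), it can be used with real NodePath objects inside a traverse visitor; logging the skipped node's source location makes inputs that trigger the guard easy to triage.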
