CEL-lite is a small, safe, dependency-free expression language inspired by Google’s Common Expression Language (CEL), designed specifically for identity, policy, and mapping use-cases.
It is not a full CEL implementation — by design. CEL-lite focuses on determinism, auditability, and sandbox safety.
condition ? a : b)&&, ||, !)==, !=, <, <=, >, >=)in operator (arrays, strings, objects)Designed for:
CEL-lite intentionally does not support:
This keeps it safe to evaluate on authentication paths.
npm install @sourceregistry/cel-lite
import { compileCel } from "@sourceregistry/cel-lite";
const expr = compileCel("has(user.email) ? lower(user.email) : null");
const result = expr.eval({
user: { email: "USER@EXAMPLE.COM" }
});
console.log(result);
// → "user@example.com"
true, false, null
123, -1, 3.14
"string", 'string'
[1, 2, "a"]
== != < <= > >=
&& || !
+ in
?: (ternary)
user.email
saml.attributes["urn:mace:dir:attribute-def:mail"][0]
Missing properties resolve to undefined (safe).
| Function | Description |
|---|---|
has(x) / exists(x) |
Checks defined / non-empty |
size(x) |
Length of array/string/object |
first(x) |
First element or value |
lower(s) / upper(s) |
String casing |
trim(s) |
Trim whitespace |
contains(a, b) |
Array or string containment |
containsAny(arr, values) |
Any value matches |
startsWith(s, prefix) |
String prefix |
endsWith(s, suffix) |
String suffix |
matches(s, regex) |
Regex test |
regexReplace(s, r, repl) |
Regex replace |
coalesce(a, b, ...) |
First non-empty value |
join(arr, sep) |
Join array |
split(s, sep) |
Split string |
Only allow-listed functions are callable.
CEL-lite can explain how a result was produced.
const program = compileCel("size(groups) > 0 ? groups[0] : null");
const explained = program.explain({
groups: ["Students", "Staff"]
});
console.log(explained.result);
// → "Students"
console.log(explained.trace);
// → evaluation steps (for UI / audit)
Useful for:
CEL-lite enforces:
__proto__, constructor, prototypeIt is safe to run on:
Apache-2.0