diff -Nru node-static-eval-2.0.0/CHANGELOG.md node-static-eval-2.1.0/CHANGELOG.md
--- node-static-eval-2.0.0/CHANGELOG.md 1970-01-01 00:00:00.000000000 +0000
+++ node-static-eval-2.1.0/CHANGELOG.md 2020-06-15 10:23:03.000000000 +0000
@@ -0,0 +1,15 @@
+# static-eval Change Log
+All notable changes to this project will be documented in this file.
+This project adheres to [Semantic Versioning](http://semver.org/).
+
+## 2.1.0
+* Add `allowAccessToMethodsOnFunctions` option to restore 1.x behaviour so that [cwise](https://github.com/scijs/cwise) can upgrade. ([@archmoj](https://github.com/archmoj) in [#31](https://github.com/browserify/static-eval/pull/31))
+
+ Do not use this option if you are not sure that you need it, as it had previously been removed for security reasons. There is a known exploit to execute arbitrary code. Only use it on trusted inputs, like the developer's JS files in a build system.
+
+## 2.0.5
+* Fix function bodies being invoked during declaration. ([@RoboPhred](https://github.com/RoboPhred) in [#30](https://github.com/browserify/static-eval/pull/30))
+
+## 2.0.4
+* Short-circuit evaluation in `&&` and `||` expressions. ([@RoboPhred](https://github.com/RoboPhred) in [#28](https://github.com/browserify/static-eval/pull/28))
+* Start tracking changes.
diff -Nru node-static-eval-2.0.0/debian/changelog node-static-eval-2.1.0/debian/changelog
--- node-static-eval-2.0.0/debian/changelog 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/changelog 2020-12-19 12:14:58.000000000 +0000
@@ -1,3 +1,24 @@
+node-static-eval (2.1.0-1) unstable; urgency=medium
+
+ * Team upload
+
+ [ Debian Janitor ]
+ * Bump debhelper from old 11 to 12.
+ * Set debhelper-compat version in Build-Depends.
+ * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
+ Repository-Browse.
+
+ [ Xavier Guimard ]
+ * Bump debhelper compatibility level to 13
+ * Declare compliance with policy 4.5.1
+ * Add "Rules-Requires-Root: no"
+ * Add debian/gbp.conf
+ * Use dh-sequence-nodejs auto test & install
+ * New upstream version 2.1.0
+ * Update docs
+
+ -- Xavier Guimard Sat, 19 Dec 2020 13:14:58 +0100
+
 node-static-eval (2.0.0-1) unstable; urgency=medium
 
 * New upstream version
diff -Nru node-static-eval-2.0.0/debian/compat node-static-eval-2.1.0/debian/compat
--- node-static-eval-2.0.0/debian/compat 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/compat 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-11
diff -Nru node-static-eval-2.0.0/debian/control node-static-eval-2.1.0/debian/control
--- node-static-eval-2.0.0/debian/control 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/control 2020-12-19 12:10:11.000000000 +0000
@@ -1,27 +1,24 @@ Source: node-static-eval -Section: javascript -Priority: optional Maintainer: Debian Javascript Maintainers Uploaders: Bastien Roucariès -Build-Depends: - debhelper (>= 11) - , dh-buildinfo - , dpkg-dev (>= 1.17.14) - , nodejs (>= 4.7) - , node-tape (>= 0.1.5) - , node-escodegen (>= 1.8.1) +Section: javascript +Testsuite: autopkgtest-pkg-nodejs +Priority: optional +Build-Depends: debhelper-compat (= 13) + , dh-sequence-nodejs + , node-escodegen , node-tap (>= 10) -Standards-Version: 4.1.4 -Homepage: https://github.com/substack/static-eval -Vcs-Git: https://salsa.debian.org/js-team/node-static-eval.git + , node-tape +Standards-Version: 4.5.1 Vcs-Browser: https://salsa.debian.org/js-team/node-static-eval +Vcs-Git: https://salsa.debian.org/js-team/node-static-eval.git +Homepage: https://github.com/substack/static-eval +Rules-Requires-Root: no Package: node-static-eval Architecture: all -Depends: - ${misc:Depends} - , nodejs (>= 4.7) - , node-escodegen (>= 1.8.1) +Depends: ${misc:Depends} + , node-escodegen Description: evaluate statically-analyzable javascript expressions This javascript module decompose expression in abstract tree and try to evaluate static evaluable expressions. diff -Nru node-static-eval-2.0.0/debian/copyright node-static-eval-2.1.0/debian/copyright --- node-static-eval-2.0.0/debian/copyright 2018-06-06 14:58:20.000000000 +0000 +++ node-static-eval-2.1.0/debian/copyright 2020-12-19 12:07:48.000000000 +0000 @@ -31,4 +31,3 @@ ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - diff -Nru node-static-eval-2.0.0/debian/docs node-static-eval-2.1.0/debian/docs --- node-static-eval-2.0.0/debian/docs 2018-06-06 14:56:38.000000000 +0000 +++ node-static-eval-2.1.0/debian/docs 2020-12-19 12:12:55.000000000 +0000 
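Review bot: The new-side `Depends:` of node-static-eval lists only `${misc:Depends}` and `node-escodegen`, so the explicit `nodejs (>= 4.7)` runtime dependency and the `node-escodegen (>= 1.8.1)` floor both disappear in this hunk. Unless dh-sequence-nodejs injects a nodejs dependency at build time (not visible in this diff), the binary package no longer declares the interpreter it runs under, while debian/tests/control in the same diff still asks for `nodejs (>= 6)`. If the injection is relied upon, a one-line comment above `Depends:` saying so would stop the next uploader from re-adding it by hand; otherwise restore `, nodejs` to the list, and consider whether the escodegen version floor was dropped deliberately.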
@@ -1 +1,2 @@
 readme.markdown
+security.md
diff -Nru node-static-eval-2.0.0/debian/examples node-static-eval-2.1.0/debian/examples
--- node-static-eval-2.0.0/debian/examples 2018-06-06 14:56:38.000000000 +0000
+++ node-static-eval-2.1.0/debian/examples 2020-12-19 12:07:48.000000000 +0000
@@ -1 +1 @@
-example/*
\ No newline at end of file
+example/*
diff -Nru node-static-eval-2.0.0/debian/gbp.conf node-static-eval-2.1.0/debian/gbp.conf
--- node-static-eval-2.0.0/debian/gbp.conf 1970-01-01 00:00:00.000000000 +0000
+++ node-static-eval-2.1.0/debian/gbp.conf 2020-12-19 12:07:35.000000000 +0000
@@ -0,0 +1,5 @@
+[DEFAULT]
+pristine-tar = True
+
+[import-orig]
+filter = [ '.gitignore', '.travis.yml', '.git*' ]
diff -Nru node-static-eval-2.0.0/debian/install node-static-eval-2.1.0/debian/install
--- node-static-eval-2.0.0/debian/install 2018-06-06 14:56:38.000000000 +0000
+++ node-static-eval-2.1.0/debian/install 1970-01-01 00:00:00.000000000 +0000
@@ -1,2 +0,0 @@
-index.js usr/lib/nodejs/static-eval/
-package.json usr/lib/nodejs/static-eval/
diff -Nru node-static-eval-2.0.0/debian/rules node-static-eval-2.1.0/debian/rules
--- node-static-eval-2.0.0/debian/rules 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/rules 2020-12-19 12:08:54.000000000 +0000
@@ -7,15 +7,6 @@
 %:
 dh $@
 
-override_dh_auto_test:
-ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
- tap -R spec test/*.js
-else
- @echo '**********************************************************'
- @echo 'Skip test suite '
- @echo '**********************************************************'
-endif
-
 override_dh_installexamples:
 ifeq (,$(filter nodoc,$(DEB_BUILD_OPTIONS) $(DEB_BUILD_PROFILES)))
 dh_installexamples
diff -Nru node-static-eval-2.0.0/debian/salsa-ci.yml node-static-eval-2.1.0/debian/salsa-ci.yml
--- node-static-eval-2.0.0/debian/salsa-ci.yml 1970-01-01 00:00:00.000000000 +0000
+++ node-static-eval-2.1.0/debian/salsa-ci.yml 2020-12-19 12:07:40.000000000 +0000
@@ -0,0 +1,4 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
diff -Nru node-static-eval-2.0.0/debian/tests/control node-static-eval-2.1.0/debian/tests/control
--- node-static-eval-2.0.0/debian/tests/control 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/tests/control 2020-12-19 12:09:02.000000000 +0000
@@ -1,8 +1,4 @@
-Tests: require
-Depends: node-static-eval, nodejs (>= 6)
-
-Tests: runtestsuite
-Depends: node-static-eval, node-tape, node-tap (>= 10)
-
 Tests: runexamples
-Depends: node-static-eval, nodejs (>= 6)
+Depends:
+ node-static-eval
+ , nodejs (>= 6)
diff -Nru node-static-eval-2.0.0/debian/tests/pkg-js/test node-static-eval-2.1.0/debian/tests/pkg-js/test
--- node-static-eval-2.0.0/debian/tests/pkg-js/test 1970-01-01 00:00:00.000000000 +0000
+++ node-static-eval-2.1.0/debian/tests/pkg-js/test 2020-12-19 12:08:45.000000000 +0000
@@ -0,0 +1 @@
+tap test/*.js
diff -Nru node-static-eval-2.0.0/debian/tests/require node-static-eval-2.1.0/debian/tests/require
--- node-static-eval-2.0.0/debian/tests/require 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/tests/require 1970-01-01 00:00:00.000000000 +0000
@@ -1,3 +0,0 @@
-#!/bin/sh
-set -e
-node -e "require('static-eval');"
diff -Nru node-static-eval-2.0.0/debian/tests/runtestsuite node-static-eval-2.1.0/debian/tests/runtestsuite
--- node-static-eval-2.0.0/debian/tests/runtestsuite 2018-06-06 14:58:20.000000000 +0000
+++ node-static-eval-2.1.0/debian/tests/runtestsuite 1970-01-01 00:00:00.000000000 +0000
@@ -1,4 +0,0 @@
-#!/bin/sh
-set -e
-
-tap -R spec test/*.js
diff -Nru node-static-eval-2.0.0/debian/TODO node-static-eval-2.1.0/debian/TODO
--- node-static-eval-2.0.0/debian/TODO 2018-06-06 14:56:38.000000000 +0000
+++ node-static-eval-2.1.0/debian/TODO 1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-+ check why example eval fail
diff -Nru node-static-eval-2.0.0/debian/upstream/metadata node-static-eval-2.1.0/debian/upstream/metadata
--- node-static-eval-2.0.0/debian/upstream/metadata 1970-01-01 00:00:00.000000000 +0000
+++ node-static-eval-2.1.0/debian/upstream/metadata 2020-12-19 12:07:32.000000000 +0000
@@ -0,0 +1,5 @@
+---
+Bug-Database: https://github.com/substack/static-eval/issues
+Bug-Submit: https://github.com/substack/static-eval/issues/new
+Repository: https://github.com/substack/static-eval.git
+Repository-Browse: https://github.com/substack/static-eval
diff -Nru node-static-eval-2.0.0/index.js node-static-eval-2.1.0/index.js
--- node-static-eval-2.0.0/index.js 2017-10-05 08:58:45.000000000 +0000
+++ node-static-eval-2.1.0/index.js 2020-06-15 10:23:03.000000000 +0000
@@ -1,15 +1,18 @@
 var unparse = require('escodegen').generate;
 
-module.exports = function (ast, vars) {
+module.exports = function (ast, vars, opts) {
+ if(!opts) opts = {};
+ var rejectAccessToMethodsOnFunctions = !opts.allowAccessToMethodsOnFunctions;
+
 if (!vars) vars = {};
 var FAIL = {};
-
- var result = (function walk (node, scopeVars) {
+
+ var result = (function walk (node, noExecute) {
 if (node.type === 'Literal') {
 return node.value;
 }
 else if (node.type === 'UnaryExpression'){
- var val = walk(node.argument)
+ var val = walk(node.argument, noExecute)
 if (node.operator === '+') return +val
 if (node.operator === '-') return -val
 if (node.operator === '~') return ~val
@@ -19,7 +22,7 @@
 else if (node.type === 'ArrayExpression') {
 var xs = [];
 for (var i = 0, l = node.elements.length; i < l; i++) {
- var x = walk(node.elements[i]);
+ var x = walk(node.elements[i], noExecute);
 if (x === FAIL) return FAIL;
 xs.push(x);
 }
@@ -31,7 +34,7 @@
 var prop = node.properties[i];
 var value = prop.value === null
 ? prop.value
- : walk(prop.value)
+ : walk(prop.value, noExecute)
 ;
 if (value === FAIL) return FAIL;
 obj[prop.key.value || prop.key.name] = value;
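Review bot: The new `rejectAccessToMethodsOnFunctions` flag in the first index.js hunk carries no in-code explanation of why function values are fenced off by default, even though the CHANGELOG in this same diff states the opt-out was removed for security reasons and that enabling it re-opens a known arbitrary-code-execution path. A reader of index.js alone sees only a boolean derived from `opts.allowAccessToMethodsOnFunctions`; add above it `// Property access on function values is rejected unless the caller opts in via allowAccessToMethodsOnFunctions; see CHANGELOG 2.1.0 — enable only for trusted input.` As a point of style, the defaulting line `if(!opts) opts = {};` drops the space after `if` that `if (!vars) vars = {};` two lines below uses. The enclosing module.exports function continues outside the hunk.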
@@ -40,12 +43,30 @@
 }
 else if (node.type === 'BinaryExpression' ||
 node.type === 'LogicalExpression') {
- var l = walk(node.left);
+ var op = node.operator;
+
+ if (op === '&&') {
+ var l = walk(node.left);
+ if (l === FAIL) return FAIL;
+ if (!l) return l;
+ var r = walk(node.right);
+ if (r === FAIL) return FAIL;
+ return r;
+ }
+ else if (op === '||') {
+ var l = walk(node.left);
+ if (l === FAIL) return FAIL;
+ if (l) return l;
+ var r = walk(node.right);
+ if (r === FAIL) return FAIL;
+ return r;
+ }
+
+ var l = walk(node.left, noExecute);
 if (l === FAIL) return FAIL;
- var r = walk(node.right);
+ var r = walk(node.right, noExecute);
 if (r === FAIL) return FAIL;
-
- var op = node.operator;
+
 if (op === '==') return l == r;
 if (op === '===') return l === r;
 if (op === '!=') return l != r;
@@ -62,9 +83,7 @@
 if (op === '|') return l | r;
 if (op === '&') return l & r;
 if (op === '^') return l ^ r;
- if (op === '&&') return l && r;
- if (op === '||') return l || r;
-
+
 return FAIL;
 }
 else if (node.type === 'Identifier') {
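Review bot: The new `&&` and `||` branches call `walk(node.left)` and `walk(node.right)` without forwarding `noExecute`, while every other recursive call touched by this diff passes it on (the plain binary path just below these branches does, as `walk(node.left, noExecute)`). A call expression on either side of a logical operator therefore reaches `callee.apply(ctx, args)` in the CallExpression hunk later in this diff even when the walk was started in no-execute mode, which appears to bypass the 2.0.5 "function bodies invoked during declaration" fix for bodies that contain `a && f()` or `a || f()`. Forward the flag in all four calls, i.e. `var l = walk(node.left, noExecute);` and `var r = walk(node.right, noExecute);` in both branches. The enclosing walk function starts and ends outside the hunk.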
@@ -80,70 +99,80 @@
 else return FAIL;
 }
 else if (node.type === 'CallExpression') {
- var callee = walk(node.callee);
+ var callee = walk(node.callee, noExecute);
 if (callee === FAIL) return FAIL;
 if (typeof callee !== 'function') return FAIL;
-
- var ctx = node.callee.object ? walk(node.callee.object) : FAIL;
+
+
+ var ctx = node.callee.object ? walk(node.callee.object, noExecute) : FAIL;
 if (ctx === FAIL) ctx = null;
 var args = [];
 for (var i = 0, l = node.arguments.length; i < l; i++) {
- var x = walk(node.arguments[i]);
+ var x = walk(node.arguments[i], noExecute);
 if (x === FAIL) return FAIL;
 args.push(x);
 }
+
+ if (noExecute) {
+ return undefined;
+ }
+
 return callee.apply(ctx, args);
 }
 else if (node.type === 'MemberExpression') {
- var obj = walk(node.object);
- // do not allow access to methods on Function
- if((obj === FAIL) || (typeof obj == 'function')){
+ var obj = walk(node.object, noExecute);
+ if((obj === FAIL) || (
+ (typeof obj == 'function') && rejectAccessToMethodsOnFunctions
+ )){
 return FAIL;
 }
- if (node.property.type === 'Identifier') {
+ if (node.property.type === 'Identifier' && !node.computed) {
+ if (isUnsafeProperty(node.property.name)) return FAIL;
 return obj[node.property.name];
 }
- var prop = walk(node.property);
- if (prop === FAIL) return FAIL;
+ var prop = walk(node.property, noExecute);
+ if (prop === null || prop === FAIL) return FAIL;
+ if (isUnsafeProperty(prop)) return FAIL;
 return obj[prop];
 }
 else if (node.type === 'ConditionalExpression') {
- var val = walk(node.test)
+ var val = walk(node.test, noExecute)
 if (val === FAIL) return FAIL;
- return val ? walk(node.consequent) : walk(node.alternate)
+ return val ?
walk(node.consequent) : walk(node.alternate, noExecute) } else if (node.type === 'ExpressionStatement') { - var val = walk(node.expression) + var val = walk(node.expression, noExecute) if (val === FAIL) return FAIL; return val; } else if (node.type === 'ReturnStatement') { - return walk(node.argument) + return walk(node.argument, noExecute) } else if (node.type === 'FunctionExpression') { - var bodies = node.body.body; - + // Create a "scope" for our arguments var oldVars = {}; Object.keys(vars).forEach(function(element){ oldVars[element] = vars[element]; }) - node.params.forEach(function(key) { + for(var i=0; i