Question:
I know this may be a newbie question, but I'm curious as to the main benefit of eval() - where would it be used best? I appreciate any info.
Answer 1:
The eval function is best used: Never.
Its purpose is to evaluate a string as a JavaScript expression. Example:
eval('x = 42');
It has been used a lot before, because a lot of people didn't know how to write the proper code for what they wanted to do. For example when using a dynamic name for a field:
eval('document.frm.'+frmName).value = text;
The proper way to do that would be:
document.frm[frmName].value = text;
As the eval method executes the string as code, every time that it is used is a potential opening for someone to inject harmful code in the page. See cross-site scripting.
There are a few legitimate uses for the eval function. It's however not likely that you will ever be in a situation where you actually will need it.
Answer 2:
This is quite an old question, and perhaps people didn't think of use cases for eval() properly at the time. One great use for eval() is for implementing hot reloading into your backend or frontend development flow.
Basically eval() can make it possible for you to edit code in your editor, and have it patch your running application without it restarting, and without it losing state (depending on the implementation). You will need associated code that watches for file changes, and somehow sends the changes to your application, but eval() is ultimately the method of converting those changes into actual JS.
EDIT
Another use case I have come across:
You can use eval() to bypass webpack's compilation process in events where you want to dynamically require files that you don't want to be transpiled (like json). For example:
const data = eval('require')(`./emails/${recipient}/${type}.json`)
On that note, I think it is entirely wrong to write a statement like eval() is evil, or should never be used. Blanket statements like these are the real evil!
Answer 3:
eval makes it possible to execute (or evaluate) a string of JavaScript code.
Thus, it is applicable when you want someone to execute a string of javascript code. Like, for example, under an educational article about JavaScript, so the reader can immediately try it :)
Or, again if your website is targeted to programmers, you may want them to write and execute their own plugins.
Answer 4:
eval() should not be used in JavaScript.
eval() used to be used to parse JSON strings, but that use has been superseded by the faster and more-secure JSON.parse.
Answer 5:
The best goal of using eval is to dynamically load code, generate code at runtime and do similar meta programming stuff. In general, if you can do the same without eval, don't use eval.
Answer 6:
You can run JS that is stored in the value of a field on the webpage.
You can use eval with JS, it's just that then your code is more viable to attack. As long as it doesn't use AJAX, there's no server problem.
If you use eval, you should parse out the characters [ ()<>{} ]
Answer 7:
eval() = evil
You should not really use it at all. It can be used for easy code insert, but someone can insert bad scripts using eval(). Sometimes people use eval() for parsing JSON, or
eval("obj." + id); //newbies
but actually you can achieve all those things without using eval().
obj[id]; //should-do
Answer 8:
As said earlier, there is a potential risk involved while using eval(). If you want to evaluate a string as an expression you can use ${} to evaluate the expression, introduced in ECMA-6.
Answer 9:
Maybe I am wrong, but I am using it to convert a classic string (from a file) into an ES6 template string:
let name = 'Daman'
let classicString = 'Hello ${name}'
let templateString = eval('`' + classicString + '`')
Which gives me just what I need:
"Hello Daman"
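Added example, not part of any answer above: a placeholder renderer that fills `${name}`-style markers from a data object without eval(), next to the eval() version from Answer 9 for contrast. The function names, the `__evalDemo` marker and the sample strings are hypothetical and constructed for illustration; the renderer supports only dotted property paths, not arbitrary expressions.

```javascript
// Matches ${ident} or ${a.b.c}; anything else (calls, operators) never matches.
const PLACEHOLDER = /\$\{\s*([A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*)\s*\}/g;
// Keys that must never be followed, so a template cannot reach prototypes.
const BLOCKED_KEYS = new Set(['__proto__', 'prototype', 'constructor']);

// Walk a dotted path through own properties only.
function lookup(context, path) {
  let value = context;
  for (const key of path.split('.')) {
    if (BLOCKED_KEYS.has(key) || value === null || typeof value !== 'object' ||
        !Object.prototype.hasOwnProperty.call(value, key)) {
      return undefined;
    }
    value = value[key];
  }
  return value;
}

// Hardened form: the file's text is treated as data, never as code.
function renderTemplate(text, context) {
  return text.replace(PLACEHOLDER, (match, path) => {
    const value = lookup(context, path);
    const kind = typeof value;
    // Unknown or non-primitive values stay as literal text.
    if (value == null || kind === 'object' || kind === 'function') return match;
    return String(value);
  });
}

// Form used in Answer 9: whatever sits inside ${...} in the file is executed.
function evalRender(text, name) {
  return eval('`' + text + '`');
}

// Constructed sample inputs.
const trusted = 'Hello ${name}';
const untrusted = 'Hello ${globalThis.__evalDemo = "ran"}';

console.log(renderTemplate(trusted, { name: 'Daman' }));   // Hello Daman
console.log(renderTemplate(untrusted, { name: 'Daman' })); // left as literal text
console.log(evalRender(untrusted, 'Daman'));               // the assignment executes
```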
Answer 10:
One of the best use cases for eval is a JavaScript logger in which the user can execute JavaScript at run time. For example, a JavaScript logger allowing the user to execute scripts in the logger window.
Answer 11:
You could build a client skeleton and have it work as a foundation app - receiving bundles of code and then executing them - thereby making the client extremely flexible, having all code on the server in bundles. This however is highly risky, and if such a thing is needed, then you should perhaps use Java with Java bundles. Why eval is still in the language is debatable; it is too big a security risk to use.