Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@firebase/util
Advanced tools
_NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package_
The @firebase/util package provides a collection of utility functions that are used across the Firebase JavaScript SDK. These utilities include tasks such as encoding and decoding, URL manipulation, and deep object merges. This package is mainly used internally by Firebase, but it can also be used directly to leverage some of its utility functions in your projects.
Encoding and Decoding Base64
This feature allows you to encode and decode strings to and from Base64. It's useful for encoding data that needs to be safely transmitted over a network.
"use strict";
const { base64Encode, base64Decode } = require('@firebase/util');
const encoded = base64Encode('Firebase');
console.log(encoded); // Output: RmlyZWJhc2U=
const decoded = base64Decode(encoded);
console.log(decoded); // Output: Firebase
Deep Merge Objects
This feature provides functions to deeply copy and merge JavaScript objects. It's particularly useful when you need to combine settings or configurations.
"use strict";
const { deepCopy, deepExtend } = require('@firebase/util');
const obj1 = { a: 1, b: { c: 2 } };
const obj2 = { b: { d: 3 }, e: 4 };
const merged = deepExtend(obj1, obj2);
console.log(merged); // Output: { a: 1, b: { c: 2, d: 3 }, e: 4 }
URL Manipulation
This feature allows you to easily construct query strings from objects, which is useful for creating URLs with parameters.
"use strict";
const { querystring } = require('@firebase/util');
const queryString = querystring({ a: 1, b: 'Firebase' });
console.log(queryString); // Output: ?a=1&b=Firebase
Lodash is a comprehensive utility library offering a wide range of functions for tasks such as manipulating objects, arrays, strings, etc. While @firebase/util focuses on utilities needed for Firebase development, lodash provides a broader set of utilities that can be used in a wide range of JavaScript applications.
The qs package is used for query string parsing and stringifying with nested objects support. It offers similar URL manipulation capabilities as @firebase/util but is more focused and comprehensive in handling query strings.
NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package
This is a wrapper of some Webchannel Features for the Firebase JS SDK.
You can install this wrapper by running the following in your project:
$ npm install @firebase/util
ES Modules
import { Deferred } from '@firebase/util';
// Do stuff with Deferred or any of the other Utils you import
CommonJS Modules
const utils = require('@firebase/util');
// Do stuff with any of the re-exported `utils`
FAQs
_NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package_
The npm package @firebase/util receives a total of 2,982,116 weekly downloads. As such, @firebase/util popularity was classified as popular.
We found that @firebase/util demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.