Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@firebase/util
Advanced tools
_NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package_
The @firebase/util package provides a collection of utility functions that are used across the Firebase JavaScript SDK. These utilities include tasks such as encoding and decoding, URL manipulation, and deep object merges. This package is mainly used internally by Firebase, but it can also be used directly to leverage some of its utility functions in your projects.
Encoding and Decoding Base64
This feature allows you to encode and decode strings to and from Base64. It's useful for encoding data that needs to be safely transmitted over a network.
"use strict";
const { base64Encode, base64Decode } = require('@firebase/util');
const encoded = base64Encode('Firebase');
console.log(encoded); // Output: RmlyZWJhc2U=
const decoded = base64Decode(encoded);
console.log(decoded); // Output: Firebase
Deep Merge Objects
This feature provides functions to deeply copy and merge JavaScript objects. It's particularly useful when you need to combine settings or configurations.
"use strict";
const { deepCopy, deepExtend } = require('@firebase/util');
const obj1 = { a: 1, b: { c: 2 } };
const obj2 = { b: { d: 3 }, e: 4 };
const merged = deepExtend(obj1, obj2);
console.log(merged); // Output: { a: 1, b: { c: 2, d: 3 }, e: 4 }
URL Manipulation
This feature allows you to easily construct query strings from objects, which is useful for creating URLs with parameters.
"use strict";
const { querystring } = require('@firebase/util');
const queryString = querystring({ a: 1, b: 'Firebase' });
console.log(queryString); // Output: ?a=1&b=Firebase
Lodash is a comprehensive utility library offering a wide range of functions for tasks such as manipulating objects, arrays, strings, etc. While @firebase/util focuses on utilities needed for Firebase development, lodash provides a broader set of utilities that can be used in a wide range of JavaScript applications.
The qs package is used for query string parsing and stringifying with nested objects support. It offers similar URL manipulation capabilities as @firebase/util but is more focused and comprehensive in handling query strings.
NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package
This is a wrapper of some Webchannel Features for the Firebase JS SDK.
ES Modules
import { Deferred } from '@firebase/util';
// Do stuff with Deferred or any of the other Utils you import
CommonJS Modules
const utils = require('@firebase/util');
// Do stuff with any of the re-exported `utils`
FAQs
_NOTE: This is specifically tailored for Firebase JS SDK usage, if you are not a member of the Firebase team, please avoid using this package_
The npm package @firebase/util receives a total of 3,825,427 weekly downloads. As such, @firebase/util popularity was classified as popular.
We found that @firebase/util demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.