Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@homer0/deep-assign
Advanced tools
Deep merge (and copy) of objects and Arrays using native spread syntax
Deep merge (and copy) of objects and Arrays using native spread syntax.
If you are wondering why I built this, go to the Motivation section.
import { deepAssign } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssign(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
enabled: false,
features: {
accounts: true,
blog: false,
},
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
enabled: true,
features: {
blog: true,
projects: true,
},
extras: null,
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', enabled: true, url: '/me' },
* 'projects',
* ],
* enabled: true,
* features: {
* accounts: true,
* blog: true,
* projects: true,
* },
* extras: null,
* }
import { deepAssign } from '@homer0/deep-assign';
const FEATURES_KEY = Symbol('features');
const generateOptions = (options = {}) => deepAssign(
{
title: 'myApp',
[FEATURES_KEY]: {
accounts: true,
blog: false,
},
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
[FEATURES_KEY]: {
blog: true,
projects: true,
},
}));
/**
* {
* title: 'my AWESOME app',
* [Symbol(features)]: {
* accounts: true,
* blog: true,
* projects: true,
* },
* }
This feature allows for Arrays found inside properties to be concatenated instead of merging them.
import { deepAssignWithConcat } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithConcat(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'about', enabled: true },
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
This allows you to, instead of merging Arrays inside object properties, to overwrite them entirely.
import { deepAssignWithOverwrite } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithOverwrite(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
If you want to merge the Arrays, but don't want it to go as deep as the objects inside, you can use do a "shallow merge".
import { deepAssignWithShallowMerge } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithShallowMerge(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
As this project is part of the packages
monorepo, some of the tooling, like lint-staged
and husky
, are installed on the root's package.json
.
Task | Description |
---|---|
lint | Lints the package. |
test | Runs the unit tests. |
build | Transpiles and bundles the project. |
types:check | Validates the TypeScript types. |
This used to be part of the wootils
package, my personal lib of utilities, but I decided to extract them into individual packages, as part of the packages
monorepo, and take the oportunity to migrate them to TypeScript.
Now, the reason I created this, rather than use merge
from my own object-utils
lib, it's because extend
doesn't support symbols as keys, they don't want to support for it, and since merging with spread syntax already does... "how hard could it be to use spread syntax recursively?".
FAQs
Deep merge (and copy) of objects and Arrays using native spread syntax
The npm package @homer0/deep-assign receives a total of 6 weekly downloads. As such, @homer0/deep-assign popularity was classified as not popular.
We found that @homer0/deep-assign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.