Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
@homer0/deep-assign
Advanced tools
🧬 Deep assign
Deep merge (and copy) of objects and Arrays using native spread syntax.
🍿 Usage
If you are wondering why I built this, go to the Motivation section.
- ⚙️ Examples
- 🤘 Development
⚙️ Examples
Simple merge
import { deepAssign } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssign(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
enabled: false,
features: {
accounts: true,
blog: false,
},
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
enabled: true,
features: {
blog: true,
projects: true,
},
extras: null,
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', enabled: true, url: '/me' },
* 'projects',
* ],
* enabled: true,
* features: {
* accounts: true,
* blog: true,
* projects: true,
* },
* extras: null,
* }
Symbols as keys
import { deepAssign } from '@homer0/deep-assign';
const FEATURES_KEY = Symbol('features');
const generateOptions = (options = {}) => deepAssign(
{
title: 'myApp',
[FEATURES_KEY]: {
accounts: true,
blog: false,
},
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
[FEATURES_KEY]: {
blog: true,
projects: true,
},
}));
/**
* {
* title: 'my AWESOME app',
* [Symbol(features)]: {
* accounts: true,
* blog: true,
* projects: true,
* },
* }
Arrays concatenation
This feature allows for Arrays found inside properties to be concatenated instead of merging them.
import { deepAssignWithConcat } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithConcat(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'about', enabled: true },
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
Arrays overwrite
This allows you to, instead of merging Arrays inside object properties, to overwrite them entirely.
import { deepAssignWithOverwrite } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithOverwrite(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
Arrays shallow merge
If you want to merge the Arrays, but don't want it to go as deep as the objects inside, you can use do a "shallow merge".
import { deepAssignWithShallowMerge } from '@homer0/deep-assign';
const generateOptions = (options = {}) => deepAssignWithShallowMerge(
{
title: 'myApp',
sections: [{ title: 'about', enabled: true }],
},
options,
);
console.log(generateOptions({
title: 'my AWESOME app',
sections: [{ title: 'ME', url: '/me' }, 'projects'],
}));
/**
* {
* title: 'my AWESOME app',
* sections: [
* { title: 'ME', url: '/me' },
* 'projects',
* ],
* }
🤘 Development
As this project is part of the packages monorepo, some of the tooling, like lint-staged and husky, are installed on the root's package.json.
Tasks
| Task | Description |
|---|---|
lint | Lints the package. |
test | Runs the unit tests. |
build | Transpiles and bundles the project. |
types:check | Validates the TypeScript types. |
Motivation
This used to be part of the wootils package, my personal lib of utilities, but I decided to extract them into individual packages, as part of the packages monorepo, and take the oportunity to migrate them to TypeScript.
Now, the reason I created this, rather than use merge from my own object-utils lib, it's because extend doesn't support symbols as keys, they don't want to support for it, and since merging with spread syntax already does... "how hard could it be to use spread syntax recursively?".
FAQs
Deep merge (and copy) of objects and Arrays using native spread syntax
We found that @homer0/deep-assign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 10 May 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025