Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
@npmtuanmap/velit-esse-velit-magnam
Advanced tools
A blazing fast deep object copier
import copy from '@npmtuanmap/velit-esse-velit-magnam';
import { deepEqual } from 'fast-equals';
const object = {
array: [123, { deep: 'value' }],
map: new Map([
['foo', {}],
[{ bar: 'baz' }, 'quz'],
]),
};
const copiedObject = copy(object);
console.log(copiedObject === object); // false
console.log(deepEqual(copiedObject, object)); // true
copy
Deeply copy the object passed.
import copy from '@npmtuanmap/velit-esse-velit-magnam';
const copied = copy({ foo: 'bar' });
copyStrict
Deeply copy the object passed, but with additional strictness when replicating the original object:
import { copyStrict } from '@npmtuanmap/velit-esse-velit-magnam';
const object = { foo: 'bar' };
object.nonEnumerable = Object.defineProperty(object, 'bar', {
enumerable: false,
value: 'baz',
});
const copied = copy(object);
NOTE: This method is significantly slower than copy
, so it is recommended to only use this when you have specific use-cases that require it.
createCopier
Create a custom copier based on the type-specific methods passed. This is useful if you want to squeeze out maximum performance, or perform something other than a standard deep copy.
import { createCopier } from '@npmtuanmap/velit-esse-velit-magnam';
const copyShallow = createCopier({
array: (array) => [...array],
map: (map) => new Map(map.entries()),
object: (object) => ({ ...object }),
set: (set) => new Set(set.values()),
});
Each internal copier method has the following contract:
type InternalCopier<Value> = (value: Value, state: State) => Value;
interface State {
Constructor: any;
cache: WeakMap;
copier: InternalCopier<any>;
prototype: any;
}
Any method overriding the defaults must maintain this contract.
array
=> Array
arrayBuffer
=> ArrayBuffer
, Float32Array
, Float64Array
, Int8Array
, Int16Array
, Int32Array
, Uint8Array
, Uint8ClampedArray
, Uint16Array
, Uint32Array
, Uint64Array
blob
=> Blob
dataView
=> DataView
date
=> Date
error
=> Error
, AggregateError
, EvalError
, RangeError
, ReferenceError
, SyntaxError
, TypeError
, URIError
map
=> Map
object
=> Object
, or any custom constructorregExp
=> RegExp
set
=> Set
cache
If you want to maintain circular reference handling, then you'll need the methods to handle cache population for future lookups:
function shallowlyCloneArray<Value extends any[]>(
value: Value,
state: State
): Value {
const clone = [...value];
state.cache.set(value, clone);
return clone;
}
copier
copier
is provided for recursive calls with deeply-nested objects.
function deeplyCloneArray<Value extends any[]>(
value: Value,
state: State
): Value {
const clone = [];
state.cache.set(value, clone);
value.forEach((item) => state.copier(item, state));
return clone;
}
Note above I am using forEach
instead of a simple map
. This is because it is highly recommended to store the clone in cache
eagerly when deeply copying, so that nested circular references are handled correctly.
Constructor
/ prototype
Both Constructor
and prototype
properties are only populated with complex objects that are not standard objects or arrays. This is mainly useful for custom subclasses of these globals, or maintaining custom prototypes of objects.
function deeplyCloneSubclassArray<Value extends CustomArray>(
value: Value,
state: State
): Value {
const clone = new state.Constructor();
state.cache.set(value, clone);
value.forEach((item) => clone.push(item));
return clone;
}
function deeplyCloneCustomObject<Value extends CustomObject>(
value: Value,
state: State
): Value {
const clone = Object.create(state.prototype);
state.cache.set(value, clone);
Object.entries(value).forEach(([k, v]) => (clone[k] = v));
return clone;
}
createStrictCopier
Create a custom copier based on the type-specific methods passed, but defaulting to the same functions normally used for copyStrict
. This is useful if you want to squeeze out better performance while maintaining strict requirements, or perform something other than a strict deep copy.
const createStrictClone = (value, clone) =>
Object.getOwnPropertyNames(value).reduce(
(clone, property) =>
Object.defineProperty(
clone,
property,
Object.getOwnPropertyDescriptor(value, property) || {
configurable: true,
enumerable: true,
value: clone[property],
writable: true,
}
),
clone
);
const copyStrictShallow = createStrictCopier({
array: (array) => createStrictClone(array, []),
map: (map) => createStrictClone(map, new Map(map.entries())),
object: (object) => createStrictClone(object, {}),
set: (set) => createStrictClone(set, new Set(set.values())),
});
NOTE: This method creates a copier that is significantly slower than copy
, as well as likely a copier created by createCopier
, so it is recommended to only use this when you have specific use-cases that require it.
The following object types are deeply cloned when they are either properties on the object passed, or the object itself:
Array
ArrayBuffer
Boolean
primitive wrappers (e.g., new Boolean(true)
)Blob
Buffer
DataView
Date
Float32Array
Float64Array
Int8Array
Int16Array
Int32Array
Map
Number
primitive wrappers (e.g., new Number(123)
)Object
RegExp
Set
String
primitive wrappers (e.g., new String('foo')
)Uint8Array
Uint8ClampedArray
Uint16Array
Uint32Array
React
componentsThe following object types are copied directly, as they are either primitives, cannot be cloned, or the common use-case implementation does not expect cloning:
AsyncFunction
Boolean
primitivesError
Function
GeneratorFunction
Number
primitivesNull
Promise
String
primitivesSymbol
Undefined
WeakMap
WeakSet
Circular objects are supported out of the box. By default, a cache based on WeakSet
is used, but if WeakSet
is not available then a fallback is used. The benchmarks quoted below are based on use of WeakSet
.
Inherently, what is considered a valid copy is subjective because of different requirements and use-cases. For this library, some decisions were explicitly made for the default copiers of specific object types, and those decisions are detailed below. If your use-cases require different handling, you can always create your own custom copier with createCopier
or createStrictCopier
.
*Error
objectWhile it would be relatively trivial to copy over the message and stack to a new object of the same Error
subclass, it is a common practice to "override" the message or stack, and copies would not retain this mutation. As such, the original reference is copied.
Starting in ES2015, native globals can be subclassed like any custom class. When copying, we explicitly reuse the constructor of the original object. However, the expectation is that these subclasses would have the same constructur signature as their native base class. This is a common community practice, but there is the possibility of inaccuracy if the contract differs.
Generator objects are specific types of iterators, but appear like standard objects that just have a few methods (next
, throw
, return
). These methods are bound to the internal state of the generator, which cannot be copied effectively. Normally this would be treated like other "uncopiable" objects and simply pass the reference through, however the "validation" of whether it is a generator object or a standard object is not guaranteed (duck-typing) and there is a runtime cost associated with. Therefore, the simplest path of treating it like a standard object (copying methods to a new object) was taken.
Small number of properties, all values are primitives
Operations / second | |
---|---|
@npmtuanmap/velit-esse-velit-magnam | 5,880,312 |
lodash.cloneDeep | 2,706,261 |
clone | 2,207,231 |
deepclone | 1,274,810 |
fast-clone | 1,239,952 |
ramda | 1,146,152 |
@npmtuanmap/velit-esse-velit-magnam (strict) | 852,382 |
Large number of properties, values are a combination of primitives and complex objects
Operations / second | |
---|---|
@npmtuanmap/velit-esse-velit-magnam | 162,858 |
ramda | 142,104 |
deepclone | 133,607 |
fast-clone | 101,143 |
clone | 70,872 |
@npmtuanmap/velit-esse-velit-magnam (strict) | 62,961 |
lodash.cloneDeep | 62,060 |
Very large number of properties with high amount of nesting, mainly objects and arrays
Operations / second | |
---|---|
@npmtuanmap/velit-esse-velit-magnam | 303 |
fast-clone | 245 |
deepclone | 151 |
lodash.cloneDeep | 150 |
clone | 93 |
@npmtuanmap/velit-esse-velit-magnam (strict) | 90 |
ramda | 42 |
Objects that deeply reference themselves
Operations / second | |
---|---|
@npmtuanmap/velit-esse-velit-magnam | 2,420,466 |
deepclone | 1,386,896 |
ramda | 1,024,108 |
lodash.cloneDeep | 989,796 |
clone | 987,721 |
@npmtuanmap/velit-esse-velit-magnam (strict) | 617,602 |
fast-clone | 0 (not supported) |
Custom constructors, React components, etc
Operations / second | |
---|---|
@npmtuanmap/velit-esse-velit-magnam | 152,792 |
clone | 74,347 |
fast-clone | 66,576 |
lodash.cloneDeep | 64,760 |
ramda | 53,542 |
deepclone | 28,823 |
@npmtuanmap/velit-esse-velit-magnam (strict) | 21,362 |
Standard practice, clone the repo and yarn
(or npm i
) to get the dependencies. The following npm scripts are available:
build:esm
, build:cjs
, build:umd
, and build:min
scriptsrimraf
on the dist
folderclean
and build
scriptssrc
folder (also runs on dev
script)lint
script, but with auto-fixerlint
, test:coverage
, and dist
scriptsprepublishOnly
and release with new versionprepublishOnly
and release with new beta versionprepublishOnly
and simulate a new releasedev
test
foldertest
with code coverage calculation via nyc
test
but keep persistent watchertsc
on the codebaseFAQs
Unknown package
The npm package @npmtuanmap/velit-esse-velit-magnam receives a total of 352 weekly downloads. As such, @npmtuanmap/velit-esse-velit-magnam popularity was classified as not popular.
We found that @npmtuanmap/velit-esse-velit-magnam demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.