@sailshq/lodash
A fork of Lodash 3.10.x with ongoing maintenance from the Sails core team.
This repo will only be updated when there are immediate, material issues affecting expected usage, like this one. Our goal is to diverge as little as possible, and to encourage the use of Lodash 4 and above whenever possible. This repo is really just for us, and anyone else who really likes Lodash 3 exactly the way it is.
In other words, there will never be any new methods or options added to Lodash on this fork, and consequently there will be no minor version or major version bumps from this fork, only patches.
Sails <=v0.12 users:
This is the version of Lodash exposed as a default global (`_`) in Sails apps prior to Sails v1.0... but Sails v1.0 changes that.
If your app is using Sails v1.0 or above, or if you are on <=0.12 but are not using the Lodash global, then you needn't worry about this package: it is used internally in Sails, but does not touch userland code in your application unless you `require` it, e.g. from your config/globals.js file. Click here to learn about how the Lodash global works in Sails v1.0.
On the other hand, if your app is using Sails <=0.12 and you are using the Lodash global:
- Click here for usage docs
- Click here to see how to disable that global and use your own version of Lodash.
`_.isFunction()` properly detects arrow functions (`()=>{}`) and AsyncFunctions (`async function(){}` or `async ()=>{}`).
To report a bug, click here.
Please observe the guidelines and conventions laid out in the Sails project contribution guide when opening issues or submitting pull requests.
Lodash is free and open source under the MIT License.
All ad hoc additions in this repo are also MIT-licensed, copyright © 2017 The Sails Company.
The Sails framework is free and open-source under the MIT License.
FAQs
We found that @sailshq/lodash demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.