Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@sindresorhus/is
Advanced tools
The @sindresorhus/is npm package is a type-checking library that provides a variety of functions to assert the type of a given value. It can be used to check primitive types, built-in objects, and to perform environment checks.
Primitive type checking
Check if a value is a string.
const is = require('@sindresorhus/is');
console.log(is.string('Hello World')); // true
Built-in object checking
Check if a value is a Promise.
const is = require('@sindresorhus/is');
console.log(is.promise(new Promise(resolve => resolve()))); // true
Environment checking
Check if the current environment is Node.js.
const is = require('@sindresorhus/is');
console.log(is.nodejs); // true or false depending on the environment
Array checking
Check if a value is an Array.
const is = require('@sindresorhus/is');
console.log(is.array([1, 2, 3])); // true
Object checking
Check if a value is an Object.
const is = require('@sindresorhus/is');
console.log(is.object({foo: 'bar'})); // true
Type-check offers a more granular and customizable approach to type checking, allowing users to define custom type expressions and check values against them. It is more flexible but also more complex than @sindresorhus/is.
Check-types is a library that provides a set of predicates for type checking. It is similar to @sindresorhus/is but offers a slightly different API and additional functions for assertions and throwing errors.
Type check values
For example, is.string('🦄') //=> true
npm install @sindresorhus/is
const is = require('@sindresorhus/is');
is('🦄');
//=> 'string'
is(new Map());
//=> 'Map'
is.number(6);
//=> true
Assertions perform the same type checks, but throw an error if the type does not match.
const {assert} = require('@sindresorhus/is');
assert.string(2);
//=> Error: Expected value which is `string`, received value of type `number`.
And with TypeScript:
import {assert} from '@sindresorhus/is';
assert.string(foo);
// `foo` is now typed as a `string`.
Returns the type of value
.
Primitives are lowercase and object types are camelcase.
Example:
'undefined'
'null'
'string'
'symbol'
'Array'
'Function'
'Object'
Note: It will throw an error if you try to feed it object-wrapped primitives, as that's a bad practice. For example new String('foo')
.
All the below methods accept a value and returns a boolean for whether the value is of the desired type.
Note: TypeScript users must use .null_()
because of a TypeScript naming limitation.
Note: is.number(NaN)
returns false
. This intentionally deviates from typeof
behavior to increase user-friendliness of is
type checks.
Returns true if value
is an array and all of its items match the assertion (if provided).
is.array(value); // Validate `value` is an array.
is.array(value, is.number); // Validate `value` is an array and all of its items are numbers.
Note: TypeScript users must use .function_()
because of a TypeScript naming limitation.
Keep in mind that functions are objects too.
Returns true
for a string that represents a number satisfying is.number
, for example, '42'
and '-8.3'
.
Note: 'NaN'
returns false
, but 'Infinity'
and '-Infinity'
return true
.
Returns true
for any object with a .then()
and .catch()
method. Prefer this one over .nativePromise()
as you usually want to allow userland promise implementations too.
Returns true
for any object that implements its own .next()
and .throw()
methods and has a function definition for Symbol.iterator
.
Returns true
for any async
function that can be called with the await
operator.
is.asyncFunction(async () => {});
//=> true
is.asyncFunction(() => {});
//=> false
is.asyncGenerator(
(async function * () {
yield 4;
})()
);
//=> true
is.asyncGenerator(
(function * () {
yield 4;
})()
);
//=> false
is.asyncGeneratorFunction(async function * () {
yield 4;
});
//=> true
is.asyncGeneratorFunction(function * () {
yield 4;
});
//=> false
Returns true
for any bound
function.
is.boundFunction(() => {});
//=> true
is.boundFunction(function () {}.bind(null));
//=> true
is.boundFunction(function () {});
//=> false
TypeScript-only. Returns true
if value
is a member of enum
.
enum Direction {
Ascending = 'ascending',
Descending = 'descending'
}
is.enumCase('ascending', Direction);
//=> true
is.enumCase('other', Direction);
//=> false
Returns true
if the value is a string
and the .length
is 0.
Returns true
if is.emptyString(value)
or if it's a string
that is all whitespace.
Returns true
if the value is a string
and the .length
is more than 0.
Returns true
if the value is a string
that is not empty and not whitespace.
const values = ['property1', '', null, 'property2', ' ', undefined];
values.filter(is.nonEmptyStringAndNotWhitespace);
//=> ['property1', 'property2']
Returns true
if the value is an Array
and the .length
is 0.
Returns true
if the value is an Array
and the .length
is more than 0.
Returns true
if the value is an Object
and Object.keys(value).length
is 0.
Please note that Object.keys
returns only own enumerable properties. Hence something like this can happen:
const object1 = {};
Object.defineProperty(object1, 'property1', {
value: 42,
writable: true,
enumerable: false,
configurable: true
});
is.emptyObject(object1);
//=> true
Returns true
if the value is an Object
and Object.keys(value).length
is more than 0.
Returns true
if the value is a Set
and the .size
is 0.
Returns true
if the value is a Set
and the .size
is more than 0.
Returns true
if the value is a Map
and the .size
is 0.
Returns true
if the value is a Map
and the .size
is more than 0.
Returns true
if value
is a direct instance of class
.
is.directInstanceOf(new Error(), Error);
//=> true
class UnicornError extends Error {}
is.directInstanceOf(new UnicornError(), Error);
//=> false
Returns true
if value
is an instance of the URL
class.
const url = new URL('https://example.com');
is.urlInstance(url);
//=> true
Returns true
if value
is a URL string.
Note: this only does basic checking using the URL
class constructor.
const url = 'https://example.com';
is.urlString(url);
//=> true
is.urlString(new URL(url));
//=> false
Returns true
for all values that evaluate to true in a boolean context:
is.truthy('🦄');
//=> true
is.truthy(undefined);
//=> false
Returns true
if value
is one of: false
, 0
, ''
, null
, undefined
, NaN
.
JavaScript primitives are as follows: null
, undefined
, string
, number
, boolean
, symbol
.
Returns true
if value
is a safe integer.
An object is plain if it's created by either {}
, new Object()
, or Object.create(null)
.
Returns true
for instances created by a class.
Note: TypeScript users must use .class_()
because of a TypeScript naming limitation.
A value
is array-like if it is not a function and has a value.length
that is a safe integer greater than or equal to 0.
is.arrayLike(document.forms);
//=> true
function foo() {
is.arrayLike(arguments);
//=> true
}
foo();
Check if value
(number) is in the given range
. The range is an array of two values, lower bound and upper bound, in no specific order.
is.inRange(3, [0, 5]);
is.inRange(3, [5, 0]);
is.inRange(0, [-2, 2]);
Check if value
(number) is in the range of 0
to upperBound
.
is.inRange(3, 10);
Returns true
if value
is a DOM Element.
Returns true
if value
is a Node.js stream.
const fs = require('fs');
is.nodeStream(fs.createReadStream('unicorn.png'));
//=> true
Returns true
if value
is an Observable
.
const {Observable} = require('rxjs');
is.observable(new Observable());
//=> true
Check if value
is Infinity
or -Infinity
.
Returns true
if value
is an even integer.
Returns true
if value
is an odd integer.
Returns true
if value
can be used as an object property key (either string
, number
, or symbol
).
Returns true
if value
is an instance of the FormData
class.
const data = new FormData();
is.formData(data);
//=> true
Returns true
if value
is an instance of the URLSearchParams
class.
const searchParams = new URLSearchParams();
is.urlSearchParams(searchParams);
//=> true
Using a single predicate
argument, returns true
if any of the input values
returns true in the predicate
:
is.any(is.string, {}, true, '🦄');
//=> true
is.any(is.boolean, 'unicorns', [], new Map());
//=> false
Using an array of predicate[]
, returns true
if any of the input values
returns true for any of the predicates
provided in an array:
is.any([is.string, is.number], {}, true, '🦄');
//=> true
is.any([is.boolean, is.number], 'unicorns', [], new Map());
//=> false
Returns true
if all of the input values
returns true in the predicate
:
is.all(is.object, {}, new Map(), new Set());
//=> true
is.all(is.string, '🦄', [], 'unicorns');
//=> false
When using is
together with TypeScript, type guards are being used extensively to infer the correct type inside if-else statements.
import is from '@sindresorhus/is';
const padLeft = (value: string, padding: string | number) => {
if (is.number(padding)) {
// `padding` is typed as `number`
return Array(padding + 1).join(' ') + value;
}
if (is.string(padding)) {
// `padding` is typed as `string`
return padding + value;
}
throw new TypeError(`Expected 'padding' to be of type 'string' or 'number', got '${is(padding)}'.`);
}
padLeft('🦄', 3);
//=> ' 🦄'
padLeft('🦄', '🌈');
//=> '🌈🦄'
The type guards are also available as type assertions, which throw an error for unexpected types. It is a convenient one-line version of the often repetitive "if-not-expected-type-throw" pattern.
import {assert} from '@sindresorhus/is';
const handleMovieRatingApiResponse = (response: unknown) => {
assert.plainObject(response);
// `response` is now typed as a plain `object` with `unknown` properties.
assert.number(response.rating);
// `response.rating` is now typed as a `number`.
assert.string(response.title);
// `response.title` is now typed as a `string`.
return `${response.title} (${response.rating * 10})`;
};
handleMovieRatingApiResponse({rating: 0.87, title: 'The Matrix'});
//=> 'The Matrix (8.7)'
// This throws an error.
handleMovieRatingApiResponse({rating: '🦄'});
The type guards and type assertions are aware of generic type parameters, such as Promise<T>
and Map<Key, Value>
. The default is unknown
for most cases, since is
cannot check them at runtime. If the generic type is known at compile-time, either implicitly (inferred) or explicitly (provided), is
propagates the type so it can be used later.
Use generic type parameters with caution. They are only checked by the TypeScript compiler, and not checked by is
at runtime. This can lead to unexpected behavior, where the generic type is assumed at compile-time, but actually is something completely different at runtime. It is best to use unknown
(default) and type-check the value of the generic type parameter at runtime with is
or assert
.
import {assert} from '@sindresorhus/is';
async function badNumberAssumption(input: unknown) {
// Bad assumption about the generic type parameter fools the compile-time type system.
assert.promise<number>(input);
// `input` is a `Promise` but only assumed to be `Promise<number>`.
const resolved = await input;
// `resolved` is typed as `number` but was not actually checked at runtime.
// Multiplication will return NaN if the input promise did not actually contain a number.
return 2 * resolved;
}
async function goodNumberAssertion(input: unknown) {
assert.promise(input);
// `input` is typed as `Promise<unknown>`
const resolved = await input;
// `resolved` is typed as `unknown`
assert.number(resolved);
// `resolved` is typed as `number`
// Uses runtime checks so only numbers will reach the multiplication.
return 2 * resolved;
}
badNumberAssumption(Promise.resolve('An unexpected string'));
//=> NaN
// This correctly throws an error because of the unexpected string value.
goodNumberAssertion(Promise.resolve('An unexpected string'));
There are hundreds of type checking modules on npm, unfortunately, I couldn't find any that fit my needs:
For the ones I found, pick 3 of these.
The most common mistakes I noticed in these modules was using instanceof
for type checking, forgetting that functions are objects, and omitting symbol
as a primitive.
instanceof
instead of this package?instanceof
does not work correctly for all types and it does not work across realms. Examples of realms are iframes, windows, web workers, and the vm
module in Node.js.
Available as part of the Tidelift Subscription.
The maintainers of @sindresorhus/is and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
Type check values
We found that @sindresorhus/is demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.