Product
Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies
A safer, faster way to eliminate vulnerabilities without updating dependencies
By Mikola Lysenko, Jordan Harband, Jonah Ghebremichael -  Nov 18, 2025
🚀 DAY 2 OF LAUNCH WEEK: Announcing Socket Certified Patches: One-Click Fixes for Vulnerable Dependencies.Learn more →
all-the-horcrux
Advanced tools
Package was removed
Sorry, it seems this package was removed from the registry
all-the-horcrux
You Know Who Striked again and split his soul into 218 Horcruxes. Find them all in your projects and destroy them. Meanwhile if you're one of the deatheaters who'd rather use his dark elder polyfills without letting your Dark Lord know, here are all his h
all-the-horcrux
You Know Who Striked again and split his soul into 218 Horcruxes. Find them all in your projects and destroy them. Meanwhile if you're one of the deatheaters who'd rather use his dark elder polyfills without letting your Dark Lord know, here are all his horcruxes bundled into a zero-dependency package. Use the dark magic without the dark lord knowing.
pnpm install all-the-horcrux
// For the death eaters
import stringPrototypeTrimstart from 'all-the-horcrux/string.prototype.trimstart';
// For literally anyone else
str.trimStart();
All the Horcruxes are listed below. If you find any of these in your project, you know what to do.
- call-bind
- has-proto
- has-property-descriptors
- get-intrinsic
- define-data-property
- has-tostringtag
- which-typed-array
- is-negative-zero
- es-define-property
- available-typed-arrays
- es-errors
- regexp.prototype.flags
- is-typed-array
- get-symbol-description
- internal-slot
- string.prototype.trimstart
- is-array-buffer
- es-set-tostringtag
- object.values
- globalthis
- typed-array-byte-offset
- typed-array-buffer
- array-buffer-byte-length
- safe-regex-test
- typed-array-length
- safe-array-concat
- arraybuffer.prototype.slice
- object.fromentries
- possible-typed-array-names
- array-includes
- is-core-module
- is-set
- is-map
- is-weakset
- which-collection
- is-weakmap
- object.groupby
- array.prototype.findlastindex
- side-channel
- object.hasown
- es-iterator-helpers
- string.prototype.matchall
- array.prototype.tosorted
- data-view-byte-length
- data-view-byte-offset
- data-view-buffer
- is-data-view
- es-shim-unscopables
- array.prototype.findlast
- function.prototype.name
- iterator.prototype
- array.prototype.flatmap
- array.prototype.flat
- has-symbols
- array.prototype.filter
- hasown
- functions-have-names
- set-function-length
- array.prototype.toreversed
- supports-preserve-symlinks-flag
- es-abstract
- string.prototype.trimend
- object.getownpropertydescriptors
- is-shared-array-buffer
- string.prototype.trim
- is-string
- set-function-name
- typed-array-byte-length
- is-bigint
- es-to-primitive
- is-symbol
- is-boolean-object
- is-number-object
- is-weakref
- tape
- which-boxed-primitive
- has-bigints
- is-regex
- define-properties
- gopd
- unbox-primitive
- es-aggregate-error
- typedarray.prototype.slice
- array.prototype.reduce
- which-builtin-type
- string.prototype.padend
- es-object-atoms
- array.prototype.map
- reflect.getprototypeof
- stop-iteration-iterator
- is-async-function
- is-finalizationregistry
- promise.prototype.finally
- es-get-iterator
- object-keys
- prop-types-exact
- asynciterator.prototype
- symbol.prototype.description
- promise.allsettled
- string.prototype.replaceall
- is-arguments
- array.prototype.foreach
- error-cause
- mock-property
- array.prototype.at
- is-callable
- disposablestack
- has-dynamic-import
- date
- array.prototype.some
- is-equal
- string.prototype.at
- util.promisify
- set.prototype.difference
- suppressed-error
- is-generator-function
- array.prototype.push
- array.prototype.join
- array.prototype.slice
- string.prototype.split
- es-create-array-iterator
- array.prototype.splice
- set.prototype.union
- array.prototype.indexof
- array.prototype.values
- set.prototype.issubsetof
- promise.withresolvers
- array.prototype.concat
- array.prototype.unshift
- set.prototype.intersection
- array.prototype.tospliced
- array.prototype.keys
- parseint
- set.prototype.symmetricdifference
- set.prototype.issupersetof
- set.prototype.isdisjointfrom
- map.groupby
- array.prototype.with
- array.prototype.grouptomap
- string.prototype.iswellformed
- string.prototype.towellformed
- array.prototype.reduceright
- array.prototype.entries
- array.prototype.copywithin
- array.prototype.lastindexof
- promise.any
- safe-bigint
- es-array-method-boxes-properly
- define-accessor-property
- has-named-captures
- has-override-mistake
- es-arraybuffer-base64
- iterate-value
- arraybuffer.prototype.transfer
- validate-exports-object
- iterate-iterator
- arraybuffer.prototype.transfertofixedlength
- string.prototype.lastindexof
- math.f16round
- string.prototype.padstart
- deprecations
- enzyme-shallow-equal
- string.prototype.trimleft
- string.prototype.trimright
- arraybuffer.prototype.detached
- is-touch-device
- well-known-symbols
- html-element-map
- es-string-html-methods
- global-cache
- private-fields
- json-file-plus
- number.prototype.toexponential
- airbnb-js-shims
- es7-shim
- object.getprototypeof
- array.prototype.every
- enzyme-adapter-utils
- npmignore
- reflect.ownkeys
- lockfile-info
- safe-publish-latest
- string.prototype.padleft
- has-package-exports
- object.defineproperties
- deep-equal-json
- make-async-function
- is-well-known-symbol
- string.prototype.padright
- intl-fallback-symbol
- jest-wrap
- has-template-literals
- has-typed-arrays
- has-private-fields
- is-boxed-primitive
- has-package-self-reference
- has-package-imports
- has-optional-chaining
- available-regexp-flags
- uglify-register
- string.prototype.substr
- math.sumprecise
- make-async-generator-function
- is-registered-symbol
- has-strict-mode
- get-dep-tree
- ls-publishers
- es-constants
- es-value-fixtures
- publishers
- require-allow-edits
- document.contains
- tape-lib
- airbnb-browser-shims
- list-exports
- react-component-variations-consumer-enzyme
- enzyme-adapter-react-16.2
- @ljharb/has-package-exports-patterns
What the hell do I do about this?
Nothing much except for self-satire if ur into that kind of dark magic.
Some analysis from my side:
Go to the root of the repo, run bun biggest-chunk.ts and scroll up to see the biggest chunks in the project. Biggest one is 1MB and has 102 exports. 2nd biggest one as 97, 3rd has 205, 4th has 149 and so on. Each chunk is made because the exports in it are used in more than one place, and collocated based on how frequetly they appear together.
This is some nerdsniping. Go serve Flitwick's detention. And don't forget, it's Levi-O-sa, not Levio-SA.
TypeScript
There is no safety on the dark side. Use the dark magic at your own risk.
License
MIT Grrrrrrrrr! Oh wait, wrong franchise?
FAQs
You Know Who Striked again and split his soul into 218 Horcruxes. Find them all in your projects and destroy them. Meanwhile if you're one of the deatheaters who'd rather use his dark elder polyfills without letting your Dark Lord know, here are all his h
We found that all-the-horcrux demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.
Package last updated on 29 Jun 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Reachability for Ruby Now in Beta
Reachability analysis for Ruby is now in beta, helping teams identify which vulnerabilities are truly exploitable in their applications.
By Oskar Haarklou Veileborg -  Nov 17, 2025
Research
/Security News
npm Malware Campaign Uses Adspect Cloaking to Deliver Malicious Redirects
Malicious npm packages use Adspect cloaking and fake CAPTCHAs to fingerprint visitors and redirect victims to crypto-themed scam sites.
By Olivia Brown -  Nov 17, 2025