Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
babel-plugin-replace-object-assign
Advanced tools
Allows you to replace Object.assign with simple polyfill
Replaces Object.assign
with a polyfill.
Also, this plugin will import an external package in files where Object.assign
is used rather than redeclaring the function in each file (which should help reduce bundle size). This is ultimately what babel-plugin-transform-runtime does for you when using the _extends
helper.
The implementation you configure is specified as a npm package dependency.
Most likely you do not and should not use this plugin! I initially wrote this plugin due to a bug in Chrome where key order was not gaurenteed to be correct for objects mutated with Object.assign
(the issue is also described at sindresorhus/object-assign#22).
While the bug did not cause problems for most projects, it did causes problems for a project I was helping maintain (Material-UI). We heavily used Object.assign
to merge style definitions that were defined in javascript objects. Since key order is important when defining CSS style rules, the Object.assign
implementation built into Chrome caused many style related bugs. This plugin allowed us to completely replace all uses of Object.assign
within our source code with an implementation that did not break in Chrome (with the expectation that we would stop using this plugin when the bug was fixed and rolled out to a majority of Chrome users).
The bug in Chrome has been fixed for quite some time now (it was fixed in Chrome 49), so this plugin is no longer necessary for the purpose it was originally created for. We have also stopped using this plugin for Material-UI. Please carefully consider the necessity and implications of replacing all of your Object.assign
calls before using this plugin. If you are not sure if you need this, feel free to open an issue to discuss it.
# Install the plugin
$ npm install babel-plugin-replace-object-assign
.babelrc
{
"plugins": [
["replace-object-assign"]
]
}
In
Object.assign(a, b);
Out
var _objectAssign2 = function(target) {
for (var i = 1; i < arguments.length; i++) {
var source = arguments[i];
for (var key in source) {
if (Object.prototype.hasOwnProperty.call(source, key)) {
target[key] = source[key];
}
}
}
return target;
};
_objectAssign(a, b)
FAQs
Allows you to replace Object.assign with simple polyfill
We found that babel-plugin-replace-object-assign demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.