Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
class-transformer
Advanced tools
Proper decorator-based transformation / serialization / deserialization of plain javascript objects to class constructors
The class-transformer package allows developers to transform plain object to class instances and vice versa. It also provides ways to serialize and deserialize object based on class definitions and handle custom transformations.
Plain to class transformation
Transforms a plain object to an instance of the class, allowing for easier manipulation and access to class methods.
import { plainToClass } from 'class-transformer';
class User {
id: number;
firstName: string;
lastName: string;
}
const plain = { id: 1, firstName: 'John', lastName: 'Doe' };
const userInstance = plainToClass(User, plain);
Class to plain transformation
Transforms a class instance back into a plain object, which is useful for preparing objects for storage or transfer.
import { classToPlain } from 'class-transformer';
class User {
id: number;
firstName: string;
lastName: string;
}
const userInstance = new User();
userInstance.id = 1;
userInstance.firstName = 'John';
userInstance.lastName = 'Doe';
const plain = classToPlain(userInstance);
Custom transformation
Allows for custom transformations using decorators to apply specific logic during the transformation process.
import { Transform, plainToClass } from 'class-transformer';
class User {
id: number;
@Transform(({ value }) => value.toUpperCase())
firstName: string;
}
const plain = { id: 1, firstName: 'John' };
const userInstance = plainToClass(User, plain);
Serialization and deserialization
Provides methods to serialize a class instance to JSON and deserialize JSON back to a class instance.
import { serialize, deserialize, Deserialize } from 'class-transformer';
class User {
id: number;
firstName: string;
lastName: string;
}
const userInstance = new User();
userInstance.id = 1;
userInstance.firstName = 'John';
userInstance.lastName = 'Doe';
const json = serialize(userInstance);
const deserializedUser = deserialize(User, json);
While class-validator is designed for validation of class instances, it is often used in conjunction with class-transformer. It does not provide transformation capabilities but offers a way to validate the properties of an object based on class decorators.
Joi is a powerful schema description language and data validator for JavaScript. Unlike class-transformer, Joi focuses on validation but does not offer class transformation features. It is often used for validating data structures, especially in API request validation.
Its ES6 and Typescript era. Nowadays you are working with classes and constructor objects more then ever. Class-transformer allows you to transform plain object to some instance of class and versa. Also it allows to serialize / deserialize object based on criteria. This tool is super useful on both frontend and backend.
Example how to use with angular 2 in plunker. Source code is available here.
In JavaScript there are two types of objects:
Plain objects are objects that are instances of Object
class.
Sometimes they are called literal objects, when created via {}
notation.
Class objects are instances of classes with own defined constructor, properties and methods.
Usually you define them via class
notation.
So, what is the problem?
Sometimes you want to transform plain javascript object to the ES6 classes you have.
For example, if you are loading a json from your backend, some api or from a json file,
and after you JSON.parse
it you have a plain javascript object, not instance of class you have.
For example you have a list of users in your users.json
that you are loading:
[{
"id": 1,
"firstName": "Johny",
"lastName": "Cage",
"age": 27
},
{
"id": 2,
"firstName": "Ismoil",
"lastName": "Somoni",
"age": 50
},
{
"id": 3,
"firstName": "Luke",
"lastName": "Dacascos",
"age": 12
}]
And you have a User
class:
export class User {
id: number;
firstName: string;
lastName: string;
age: number;
getName() {
return this.firstName + " " + this.lastName;
}
isAdult() {
return this.age > 36 && this.age < 60;
}
}
You are assuming that you are downloading users of type User
from users.json
file and may want to write
following code:
fetch("users.json").then((users: User[]) => {
// you can use users here, and type hinting also will be available to you,
// but users are not actually instances of User class
// this means that you can't use methods of User class
});
In this code you can use users[0].id
, you can also use users[0].firstName
and users[0].lastName
.
However you cannot use users[0].getName()
or users[0].isAdult()
because "users" actually is
array of plain javascript objects, not instances of User object.
You actually lied to compiler when you said that its users: User[]
.
So what to do? How to make a users
array of instances of User
objects instead of plain javascript objects?
Solution is to create new instances of User object and manually copy all properties to new objects.
But things may go wrong very fast once you have a more complex object hierarchy.
Alternatives? Yes, you can use class-transformer. Purpose of this library is to help you to map you plain javascript objects to the instances of classes you have.
This library also great for models exposed in your APIs, because it provides a great tooling to control what your models are exposing in your API. Here is example how it will look like:
fetch("users.json").then((users: Object[]) => {
const realUsers = plainToClass(users);
// now each user in realUsers is instance of User class
});
Now you can use users[0].getName()
and users[0].isAdult()
methods.
Install module:
npm install class-transformer --save
reflect-metadata
shim is required, install it too:
npm install reflect-metadata --save
and make sure to import it in a global place, like app.ts:
import "reflect-metadata";
ES6 features are used, if you are using old version of node.js you may need to install es6-shim:
npm install es6-shim --save
and import it in a global place like app.ts:
import "es6-shim";
Install module:
npm install class-transformer --save
reflect-metadata
shim is required, install it too:
npm install reflect-metadata --save
add <script>
to reflect-metadata in the head of your index.html
:
<html>
<head>
<!-- ... -->
<script src="node_modules/reflect-metadata/Reflect.js"></script>
</head>
<!-- ... -->
</html>
If you are using angular 2 you should already have this shim installed.
If you are using system.js you may want to add this into map
and package
config:
{
"map": {
"class-transformer": "node_modules/class-transformer"
},
"packages": {
"class-transformer": { "main": "index.js", "defaultExtension": "js" }
}
}
This method transforms a plain javascript object to instance of specific class.
import {plainToClass} from "class-transformer";
let users = plainToClass(User, userJson); // to convert user plain object a single user. also supports arrays
This method transforms your class object back to plain javascript object, that can be JSON.stringify
later.
import {classToPlain} from "class-transformer";
let photo = classToPlain(photo);
This method transforms your class object into new instance of the class object. This maybe treated as deep clone of your objects.
import {classToClass} from "class-transformer";
let photo = classToClass(photo);
You can also use a ignoreDecorators
option in transformation options to ignore all decorators you classes is using.
You can serialize your model right to the json using serialize
method:
import {serialize} from "class-transformer";
let photo = serialize(photo);
serialize
works with both arrays and non-arrays.
You can deserialize your model to from a json using deserialize
method:
import {deserialize} from "class-transformer";
let photo = deserialize(Photo, photo);
To make deserialization to work with arrays use deserializeArray
method:
import {deserializeArray} from "class-transformer";
let photos = deserializeArray(Photo, photos);
When you are trying to transform objects that have nested objects,
its required to known what type of object you are trying to transform.
Since Typescript does not have good reflection abilities yet,
we should implicitly specify what type of object each property contain.
This is done using @Type
decorator.
Lets say we have an album with photos. And we are trying to convert album plain object to class object:
import {Type, plainToClass} from "class-transformer";
export class Album {
id: number;
name: string;
@Type(() => Photo)
photos: Photo[];
}
export class Photo {
id: number;
filename: string;
}
let album = plainToClass(Album, albumJson);
// now album is Album object with Photo objects inside
You can expose what your getter or method return by setting a @Expose()
decorator to those getters or methods:
import {Expose} from "class-transformer";
export class User {
id: number;
firstName: string;
lastName: string;
password: string;
@Expose()
get name() {
return this.firstName + " " + this.lastName;
}
@Expose()
getFullName() {
return this.firstName + " " + this.lastName;
}
}
If you want to expose some of properties with a different name,
you can do it by specifying a name
option to @Expose
decorator:
import {Expose} from "class-transformer";
export class User {
@Expose({ name: "uid" })
id: number;
firstName: string;
lastName: string;
@Expose({ name: "secretKey" })
password: string;
@Expose({ name: "fullName" })
getFullName() {
return this.firstName + " " + this.lastName;
}
}
Sometimes you want to skip some properties during transformation.
This can be done using @Exclude
decorator:
import {Exclude} from "class-transformer";
export class User {
id: number;
email: string;
@Exclude()
password: string;
}
Now when you transform a User, password
property will be skipped and not be included in the transformed result.
You can control on what operation you will exclude a property. Use toClassOnly
or toPlainOnly
options:
import {Exclude} from "class-transformer";
export class User {
id: number;
email: string;
@Exclude({ toPlainOnly: true })
password: string;
}
Now password
property will be excluded only during classToPlain
operation. Oppositely, use toClassOnly
option.
You can skip all properties of the class, and expose only those are needed explicitly:
import {Exclude, Expose} from "class-transformer";
@Exclude()
export class User {
@Expose()
id: number;
@Expose()
email: string;
password: string;
}
Now id
and email
will be exposed, and password will be excluded during transformation.
Alternatively, you can set exclusion strategy during transformation:
import {classToPlain} from "class-transformer";
let photo = classToPlain(photo, { strategy: "excludeAll" });
In this case you don't need to @Exclude()
a whole class.
If you name your private properties with a prefix, lets say with _
,
then you can exclude such properties from transformation too:
import {classToPlain} from "class-transformer";
let photo = classToPlain(photo, { excludePrefixes: ["_"] });
This will skip all properties that start with _
prefix.
You can pass any number of prefixes and all properties that begin with these prefixes will be ignored.
For example:
import {Expose} from "class-transformer";
export class User {
id: number;
private _firstName: string;
private _lastName: string;
_password: string;
setName(firstName: string, lastName: string) {
this._firstName = firstName;
this._lastName = lastName;
}
@Expose()
get name() {
return this.firstName + " " + this.lastName;
}
}
const user = new User();
user.id = 1;
user.setName("Johny", "Cage");
user._password = 123;
const plainUser = classToPlain(user, { excludePrefixes: ["_"] });
// here plainUser will be equal to
// { id: 1, name: "Johny Cage" }
You can use groups to control what data will be exposed and what will not be:
import {Exclude, Expose} from "class-transformer";
@Exclude()
export class User {
id: number;
name: string;
@Expose({ groups: ["user", "admin"] }) // this means that this data will be exposed only to users and admins
email: string;
@Expose({ groups: ["user"] }) // this means that this data will be exposed only to users
password: string;
}
import {classToPlain} from "class-transformer";
let user1 = classToPlain(user, { groups: ["user"] }); // will contain id, name, email and password
let user2 = classToPlain(user, { groups: ["admin"] }); // will contain id, name and email
If you are building an API that has different versions, class-transformer has extremely useful tools for that. You can control which properties of your model should be exposed or excluded in what version. Example:
import {Exclude, Expose} from "class-transformer";
@Exclude()
export class User {
id: number;
name: string;
@Expose({ since: 0.7, until: 1 }) // this means that this property will be exposed for version starting from 0.7 until 1
email: string;
@Expose({ since: 2.1 }) // this means that this property will be exposed for version starting from 2.1
password: string;
}
import {classToPlain} from "class-transformer";
let user1 = classToPlain(user, { version: 0.5 }); // will contain id and name
let user2 = classToPlain(user, { version: 0.7 }); // will contain id, name and email
let user3 = classToPlain(user, { version: 1 }); // will contain id and name
let user4 = classToPlain(user, { version: 2 }); // will contain id and name
let user5 = classToPlain(user, { version: 2.1 }); // will contain id, name nad password
Sometimes you have a Date in your plain javascript object received in a string format.
And you want to create a real javascript Date object from it.
You can do it simply by passing a Date object to the @Type
decorator:
import {Type} from "class-transformer";
export class User {
id: number;
email: string;
password: string;
@Type(() => Date)
registrationDate: Date;
}
Note, that dates will be converted to strings when you'll try to convert class object to plain object.
Same technique can be used with Number
, String
, Boolean
primitive types when you want to convert your values into these types.
When you are using arrays you must provide a type of the object that array contains.
This type, you specify in a @Type()
decorator:
import {ArrayType} from "class-transformer";
export class Photo {
id: number;
name: string;
@Type(() => Album)
albums: Album[];
}
You can also use custom array types:
import {ArrayType} from "class-transformer";
export class AlbumCollection extends Array<Album> {
// custom array functions ...
}
export class Photo {
id: number;
name: string;
@Type(() => Album)
albums: AlbumCollection;
}
Library will handle proper transformation automatically.
You can perform additional data transformation using @Transform
decorator.
For example, you want to make your Date
object to be a moment
object when you are
transforming object from plain to class:
import {Transform} from "class-transformer";
import * as moment from "moment";
import {Moment} from "moment";
export class Photo {
id: number;
@Type(() => Date)
@Transform(value => moment(value), { toClassOnly: true })
date: Moment;
}
Now when you call plainToClass
and send a plain representation of the Photo object,
it will convert a date value in your photo object to moment date.
@Transform
decorator also supports groups and versioning.
The @Transform
decorator is given more arguments to let you configure how you want the transformation to be done.
@Transform((value, obj, type) => value)
Argument | Description |
---|---|
value | The property value before the transformation. |
obj | The transformation source object. |
type | The transformation type. |
Signature | Example | Description |
---|---|---|
@TransformClassToPlain | @TransformClassToPlain({ groups: ["user"] }) | Transform the method return with classToPlain and expose the properties on the class. |
@TransformClassToClass | @TransformClassToClass({ groups: ["user"] }) | Transform the method return with classToClass and expose the properties on the class. |
The above decorators accept one optional argument: ClassTransformOptions - The transform options like groups, version, name
An example:
@Exclude()
class User {
id: number;
@Expose()
firstName: string;
@Expose()
lastName: string;
@Expose({ groups: ['user.email'] })
email: string;
password: string;
}
class UserController {
@TransformClassToPlain({ groups: ['user.email'] })
getUser() {
const user = new User();
user.firstName = "Snir";
user.lastName = "Segal";
user.password = "imnosuperman";
return user;
}
}
const controller = new UserController();
const user = controller.getUser();
the user
variable will contain only firstName,lastName, email properties becuase they are
the exposed variables. email property is also exposed becuase we metioned the group "user.email".
Generics are not supported because TypeScript does not have good reflection abilities yet. Once TypeScript team provide us better runtime type reflection tools, generics will be implemented. There are some tweaks however you can use, that maybe can solve your problem. Checkout this example.
Circular references are ignored.
For example, if you are transforming class User
that contains property photos
with type of Photo
,
and Photo
contains link user
to its parent User
, then user
will be ignored during transformation.
Circular references are not ignored only during classToClass
operation.
Lets say you want to download users and want them automatically to be mapped to the instances of User
class.
import {plainToClass} from "class-transformer";
this.http
.get("users.json")
.map(res => res.json())
.map(res => plainToClass(User, res as Object[]))
.subscribe(users => {
// now "users" is type of User[] and each user has getName() and isAdult() methods available
console.log(users);
});
You can also inject a class ClassTransformer
as a service in providers
, and use its methods.
Example how to use with angular 2 in plunker. Source code is here.
Take a look on samples in ./sample for more examples of usages.
See information about breaking changes and release notes here.
0.1.10
FAQs
Proper decorator-based transformation / serialization / deserialization of plain javascript objects to class constructors
The npm package class-transformer receives a total of 4,018,501 weekly downloads. As such, class-transformer popularity was classified as popular.
We found that class-transformer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.