Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The 'd' npm package is a utility for defining property descriptors for JavaScript objects. It is often used to create properties with specific characteristics such as being non-enumerable, writable, or configurable, and can be used in object property definition contexts where you want more control over how properties behave.
Defining non-enumerable properties
This code sample demonstrates how to define a non-enumerable property 'foo' with the value 'bar'. The property will not show up in for-in loops or Object.keys() calls.
{"foo": d('bar')}
Defining writable and configurable properties
This code sample shows how to define a property 'foo' that is both writable and configurable with the value 'bar'. This means the property value can be changed and the property descriptor can be modified after the initial definition.
{"foo": d(true, 'bar')}
Defining a getter and setter
This code sample illustrates defining a property 'foo' with a getter and setter function. The getter function returns the value of '_foo', and the setter function assigns the new value to '_foo'.
{"foo": d.gs(function() { return this._foo; }, function(value) { this._foo = value; })}
The 'define-property' npm package is similar to 'd' in that it is used to define a new property on an object with a given descriptor. It is a simpler and smaller utility that might be preferred for its minimalistic approach, but 'd' offers a more fluent and feature-rich API.
Originally derived from d package.
Defining properties with descriptors is very verbose:
var Account = function () {};
Object.defineProperties(Account.prototype, {
deposit: {
value: function () { /* ... */ },
configurable: true,
enumerable: false,
writable: true
},
withdraw: {
value: function () { /* ... */ },
configurable: true,
enumerable: false,
writable: true
},
balance: { get: function () { /* ... */ }, configurable: true, enumerable: false }
});
D cuts that to:
var d = require("d");
var Account = function () {};
Object.defineProperties(Account.prototype, {
deposit: d(function () { /* ... */ }),
withdraw: d(function () { /* ... */ }),
balance: d.gs(function () { /* ... */ })
});
By default, created descriptor follow characteristics of native ES5 properties, and defines values as:
{ configurable: true, enumerable: false, writable: true }
You can overwrite it by preceding value argument with instruction:
d("c", value); // { configurable: true, enumerable: false, writable: false }
d("ce", value); // { configurable: true, enumerable: true, writable: false }
d("e", value); // { configurable: false, enumerable: true, writable: false }
// Same way for get/set:
d.gs("e", value); // { configurable: false, enumerable: true }
$ npm install d
To port it to Browser or any other (non CJS) environment, use your favorite CJS bundler. No favorite yet? Try: Browserify, Webmake or Webpack
Define methods which will be automatically bound to its instances
var d = require('d');
var autoBind = require('d/auto-bind');
var Foo = function () { this._count = 0; };
Object.defineProperties(Foo.prototype, autoBind({
increment: d(function () { ++this._count; });
}));
var foo = new Foo();
// Increment foo counter on each domEl click
domEl.addEventListener('click', foo.increment, false);
Define lazy properties, which will be resolved on first access
var d = require("d");
var lazy = require("d/lazy");
var Foo = function () {};
Object.defineProperties(Foo.prototype, lazy({ items: d(function () { return []; }) }));
var foo = new Foo();
foo.items.push(1, 2); // foo.items array created and defined directly on foo
$ npm test
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
FAQs
Property descriptor factory
The npm package d receives a total of 8,222,996 weekly downloads. As such, d popularity was classified as popular.
We found that d demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.