Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
deep-chain
deep-chain is a helper function that makes it easier to read properties from deeply nested data structures.
It operates in a safe way, meaning that it doesn't throw errors at all, even when reading property from null or undefined entry. Additionally, it allows to find certain array element by specifying an optional predicate function or matching object.
See Usage section for more details.
Installation
$ npm install deep-chain
Usage
Consider the following example. We have a bookstore that sells many books and each book has a single author.
import { deep } from 'deep-chain';
const bookstore = {
books: [
{
id: 1,
title: 'Romeo and Juliet',
author: {
id: 1,
name: 'William Shakespeare'
}
},
{
id: 2,
title: 'The Double',
author: {
id: 2,
name: 'Fyodor Dostoevsky'
}
},
{
id: 3,
title: 'Fahrenheit 451',
author: {
id: 3,
name: 'Ray Bradbury'
}
}
]
};
// Allows to read nested property.
deep(bookstore).books[1].author.name.retrieve(); // -> 'Fyodor Dostoevsky'
// Does not throw when reading from non-existent properties.
deep(bookstore).books[100].author.name.retrieve(); // -> undefined
// Allows to find array element by matching object.
deep(bookstore).books({ id: 3 }).name.retrieve(); // -> 'Fahrenheit 451'
// Allows to find array element by predicate function.
deep(bookstore)
.books((book) => book.author.name === 'William Shakespeare')
.name
.retrieve(); // -> 'Romeo and Juliet'
Retrieving properties with reserved names
Currently these property names are reserved and return functions to perform certain action:
- get
- retrieve
- filter
- find
These functions don't have retrieve method at the moment, therefore it's not possible to retrieve a property with reserved name using this short syntax:
import { deep } from 'deep-chain';
const nestedObject = {
test: {
get: 1,
retrieve: 2,
filter: 3,
find: 4
}
};
deep(nestedObject).test.get.retrieve(); // -> Will throw TypeError
deep(nestedObject).test.retrieve.retrieve(); // -> Will throw TypeError
deep(nestedObject).test.filter.retrieve(); // -> Will throw TypeError
deep(nestedObject).test.find.retrieve(); // -> Will throw TypeError
However, you can retrieve them by using get method like that:
deep(nestedObject).test.get('get').retrieve(); // -> 1
deep(nestedObject).test.get('retrieve').retrieve(); // -> 2
deep(nestedObject).test.get('filter').retrieve(); // -> 3
deep(nestedObject).test.get('find').retrieve(); // -> 4
FAQs
Helper to retrieve nested property value.
We found that deep-chain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 24 May 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026