Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
deep-equal
Advanced tools
The deep-equal npm package is a library for performing deep equality checks between two values. It is useful for comparing objects, arrays, and other nested structures to determine if they are equivalent in structure and content, regardless of whether they are the same reference in memory.
Deep comparison of objects and arrays
This feature allows you to compare objects and arrays to see if they are structurally identical, even if they are different instances.
const deepEqual = require('deep-equal');
const obj1 = { a: 1, b: { c: 1 } };
const obj2 = { a: 1, b: { c: 1 } };
console.log(deepEqual(obj1, obj2)); // true
Comparison with custom options
This feature allows you to specify options for the comparison, such as strict mode, which requires the values to be of the same type as well.
const deepEqual = require('deep-equal');
const obj1 = { a: 1 };
const obj2 = { a: '1' };
const options = { strict: true };
console.log(deepEqual(obj1, obj2, options)); // false
Lodash provides a method called isEqual which can perform deep comparisons between two values. It is part of the larger Lodash utility library, which offers a wide range of functions for manipulating and comparing data.
This package offers a fast deep equality comparison algorithm. It is known for its performance and is a good choice when speed is a critical factor.
Node's assert.deepEqual() algorithm
as a standalone module, that also works in browser environments.
It mirrors the robustness of node's own assert.deepEqual
and is robust against later builtin modification.
var equal = require('deep-equal');
console.dir([
equal(
{ a : [ 2, 3 ], b : [ 4 ] },
{ a : [ 2, 3 ], b : [ 4 ] }
),
equal(
{ x : 5, y : [6] },
{ x : 5, y : 6 }
)
]);
var deepEqual = require('deep-equal')
Compare objects a
and b
, returning whether they are equal according to a recursive equality algorithm.
If opts.strict
is true
, use strict equality (===
) to compare leaf nodes.
The default is to use coercive equality (==
) because that's how assert.deepEqual()
works by default.
With npm do:
npm install deep-equal
With npm do:
npm test
v2.2.3 - 2023-11-08
c90525f
e02cadb
@ljharb/eslint-config
, auto-changelog
, aud
, eslint
, set-publish-latest
, tape
11bd45b
.github
from default branch 58885d3
b0bca9a
nyc
for coverage e25bc37
1d58c6e
Buffer.from
when available f0d4a42
has-proto
0263fb9
is-arguments
, is-date-object
, is-regex
, object-is
, regexp.prototype.flags
80c15ca
engines.node
e1d08a8
npmignore
to autogenerate an npmignore file e0770e5
is-date-object
, is-regex
, object-is
, regexp.prototype.flags
e4fb8c6
3798ff4
call-bind
, regexp.prototype.flags
, which-typed-array
540e3a1
eslint
, @ljharb/eslint-config
, tape
0f8ca75
197a220
object.getownpropertydescriptors
, tape
21851a6
semver
, tape
dd440b2
engines.node
e158993
.gitignore
from default branch 6ee186b
get-intrinsic
6da4b86
tape
6ada1ab
tape
270d34b
a269c18
030a63f
which-typed-array
2f0c327
Buffer.from
when it has a length of > 1 f7e5776
FAQs
node's assert.deepEqual algorithm
The npm package deep-equal receives a total of 18,071,196 weekly downloads. As such, deep-equal popularity was classified as popular.
We found that deep-equal demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.