Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
deepmerge-ts
Advanced tools
The deepmerge-ts package is a TypeScript library designed to deeply merge two or more objects. It ensures type safety and is particularly useful for complex nested objects where shallow merging would not suffice.
Basic Deep Merge
This feature allows you to deeply merge two objects. In this example, obj1 and obj2 are merged such that the nested properties are combined.
const deepmerge = require('deepmerge-ts').default;
const obj1 = { a: 1, b: { c: 2 } };
const obj2 = { b: { d: 3 } };
const result = deepmerge(obj1, obj2);
console.log(result); // { a: 1, b: { c: 2, d: 3 } }
Array Merge
This feature allows you to merge arrays within objects. In this example, the arrays in obj1 and obj2 are concatenated.
const deepmerge = require('deepmerge-ts').default;
const obj1 = { a: [1, 2, 3] };
const obj2 = { a: [4, 5] };
const result = deepmerge(obj1, obj2);
console.log(result); // { a: [1, 2, 3, 4, 5] }
Custom Merge Function
This feature allows you to define custom merge functions for specific keys. In this example, the custom merge function concatenates arrays for the key 'a'.
const deepmerge = require('deepmerge-ts').default;
const customMerge = (key, options) => {
if (key === 'a') {
return (a, b) => a.concat(b);
}
return undefined;
};
const obj1 = { a: [1, 2, 3], b: { c: 2 } };
const obj2 = { a: [4, 5], b: { d: 3 } };
const result = deepmerge(obj1, obj2, { customMerge });
console.log(result); // { a: [1, 2, 3, 4, 5], b: { c: 2, d: 3 } }
The deepmerge package is a popular library for deep merging objects in JavaScript. It is similar to deepmerge-ts but does not provide TypeScript type safety out of the box.
Lodash is a utility library that offers a wide range of functions, including deep merging with lodash.merge. While it is versatile and widely used, it is a larger library compared to deepmerge-ts, which is more specialized.
The merge-deep package is another library for deep merging objects. It is simpler and less feature-rich compared to deepmerge-ts, focusing solely on deep merging without additional customization options.
Any donations would be much appreciated. 😄
deepmerge-ts
is available as part of the Tidelift Subscription.
Tidelift is working with the maintainers of deepmerge-ts
and a growing network of open source maintainers to ensure
your open source software supply chain meets enterprise standards now and into the future.
Learn more.
# Install with npm
npm install deepmerge-ts
# Install with pnpm
pnpm add deepmerge-ts
# Install with yarn
yarn add deepmerge-ts
# Install with bun
bun add deepmerge-ts
# Install in a node project
npx jsr add @rebeccastevens/deepmerge
# Install in a deno project
deno add jsr:@rebeccastevens/deepmerge
# Install in a bun project
bunx jsr add @rebeccastevens/deepmerge
import { deepmerge } from "deepmerge-ts";
const x = {
record: {
prop1: "value1",
prop2: "value2",
},
array: [1, 2, 3],
set: new Set([1, 2, 3]),
map: new Map([
["key1", "value1"],
["key2", "value2"],
]),
};
const y = {
record: {
prop1: "changed",
prop3: "value3",
},
array: [2, 3, 4],
set: new Set([2, 3, 4]),
map: new Map([
["key2", "changed"],
["key3", "value3"],
]),
};
const z = {
record: {
prop1: undefined,
prop3: undefined,
prop2: undefined,
prop4: undefined,
},
array: undefined,
set: undefined,
map: undefined,
};
const merged = deepmerge(x, y, z);
console.log(merged);
// Prettierfied output:
//
// Object {
// "record": Object {
// "prop1": "changed",
// "prop2": "value2",
// "prop3": "value3",
// "prop4": undefined,
// },
// "array": Array [1, 2, 3, 2, 3, 4],
// "set": Set { 1, 2, 3, 4 },
// "map": Map {
// "key1" => "value1",
// "key2" => "changed",
// "key3" => "value3",
// },
// }
You can try out this example at codesandbox.io.
You can use deepmergeInto
if you want to update a target object with the merge result instead of creating a new
object.
This function is best used with objects that are all of the same type.
Note: If the target object's type differs from the input objects, we'll assert that the target's type has changed
(this is not done automatically with deepmergeIntoCustom
).
We provide a customizer function for each of our main deepmerge functions: deepmergeCustom
and deepmergeIntoCustom
.
You can use these to customize the details of how values should be merged together.
See deepmerge custom docs for more details.
We use smart merging instead of the classic merging strategy which some alternative libraries use. This vastly improves performance, both in execution time and memory usage.
With classic merging, each input is merged with the next input until all inputs are merged.
This strategy has large performance issues when lots of items need to be merged.
With our smart merging, we look ahead to see what can be merged and only merge those things.
In addition to performance improvements, this strategy merges multiple inputs at once; allowing for benefits such as taking averages of the inputs.
See API docs.
FAQs
Deeply merge 2 or more objects respecting type information.
The npm package deepmerge-ts receives a total of 908,189 weekly downloads. As such, deepmerge-ts popularity was classified as popular.
We found that deepmerge-ts demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.