defaults-deep-safe
Advanced tools
Changelog
Readme
A deep version of _.defaults(object, [sources]), safe by default by deep cloning each source. Arrays are not merged.
Install the package via npm:
❯ npm install defaults-deep-safe
object (Object): The destination object.[source] (...Object): The source objects.(Object): Returns the destination object.
const defaultsDeep = require('defaults-deep-safe');
const object = { foo: 'bar', bar: { biz: { net: 'qux' } }, qux: ['biz'] };
const source = { bar: { biz: { net: 'txi', qox: 'fuc' } }, qux: ['baz'] };
defaultsDeep(object, source);
// => { foo: 'bar', bar: { biz: { net: 'qux', qox: 'fuc' } }, qux: ['biz'] }
Or as a lodash mixin:
const _ = require('lodash');
_.mixin({
defaultsDeep: require('defaults-deep-safe')
});
_.defaultsDeep(object, [sources]);
This module is perfect for merging config/settings files and to safely handle options by avoiding changing objects by reference.
Here's a quick example demonstrating why using _.defaults may not be a safe operation:
const foo = { a: 1, c: 2 };
const bar = { b: new Date(), d: { e: 'f' } };
const result = require('lodash').defaults(foo, bar);
require('assert')(bar.b === result.b);
// => true
require('assert')(bar.d === result.d);
// => true
result.d.g = 'h';
console.log(bar.d);
// => { e: 'f', g: 'h' }
Using defaults-deep-safe:
const foo = { a: 1, c: 2 };
const bar = { b: new Date(), d: { e: 'f' } };
const result = require('defaults-deep-safe')(foo, bar);
require('assert')(bar.b === result.b);
// => AssertionError: false == true
require('assert')(bar.d === result.d);
// => AssertionError: false == true
result.d.g = 'h';
console.log(bar.d);
// => { e: 'f' }
❯ npm test
MIT
FAQs
A deep version of _.defaults, safe by default.
The npm package defaults-deep-safe receives a total of 1 weekly downloads. As such, defaults-deep-safe popularity was classified as not popular.
We found that defaults-deep-safe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.
Security News
This episode of the Risky Biz podcast discusses how the rise of small open source packages and the shift towards individual maintainers makes the ecosystem more vulnerable to supply chain attacks.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.