Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
defaults-extender
Advanced tools
Fast, tiny and useful utility to extend options against defaults.
$ npm install defaults-extender
Easily extend object A with object B with a few fancy features. for example:
let's say you are building a command-line interface (CLI) and you have have something like this:
$ mycli --option.enabled true
but what you really want to do is.. if the user only sends --option true
set the property enabled to true
.
if you are to tackle with the command parser itself you end up with a "if else" hell in your file... or you start to create names like --optionEnabled true
...
what if you could so something like this:
const extend = require('defaults-extender')
//or const { extend } = require('defaults-extender')
const defaults = {
options: {
enabled: false,
format: 'jpg',
size: 1024
}
}
let options = { options : true };
let result = extend(defaults, options);
// result in
result = {
options: {
enabled: true,
format: 'jpg',
size: 1024
}
}
so, all what you need to do is specify your defaults, and adhere to it, it will be how your final output will look like. for example this will not work:
const defaults = {
options: false
}
let options = {
options: {
enabled: true
}
}
let result = extend(defaults, options);
console.log(result.options.enabled) // undefined
To run the test suite, first install the dependencies, then run npm test
:
$ npm install && npm test
To build from github, first clone this repo locally then run npm run build
:
$ npm run build
FAQs
A different approach for extending Options against Defaults.
The npm package defaults-extender receives a total of 0 weekly downloads. As such, defaults-extender popularity was classified as not popular.
We found that defaults-extender demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.