Research
Security News
Kill Switch Hidden in npm Packages Typosquatting Chalk and Chokidar
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
define-properties
Advanced tools
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
The define-properties npm package is used to define new properties on an object, including any necessary descriptors. It provides a simple API to define multiple properties at once while ensuring compatibility with older JavaScript engines that may not fully support ES5.
Defining multiple properties
This feature allows you to define multiple properties on an object with their descriptors. The 'enumerable' predicate ensures that the property will only be defined if the value is truthy.
{"object": {}, "properties": {"prop1": {"value": 42, "enumerable": true}, "prop2": {"value": 'hello', "enumerable": false}}, "predicates": {"enumerable": function(val) { return !!val; }}}
Defining properties with shared descriptors
This feature allows you to define properties with a shared descriptor. The predicate function can be used to conditionally define properties based on the key or value.
{"object": {}, "propertyNames": ["prop1", "prop2"], "descriptor": {"enumerable": true}, "predicate": function(key, value) { return key === 'prop1' || value > 10; }}
This package provides a similar functionality to define-properties by allowing you to define a new property directly on an object. It is a polyfill for Object.defineProperty and is useful for ensuring compatibility with older JavaScript engines.
es5-ext is a collection of ECMAScript 5 extensions, including various shims and polyfills. It offers a broader set of functionalities compared to define-properties, which includes defining properties but also other utilities for working with objects, arrays, and functions.
Define multiple non-enumerable properties at once. Uses Object.defineProperty
when available; falls back to standard assignment in older engines.
Existing properties are not overridden. Accepts a map of property names to a predicate that, when true, force-overrides.
var define = require('define-properties');
var assert = require('assert');
var obj = define({ a: 1, b: 2 }, {
a: 10,
b: 20,
c: 30
});
assert(obj.a === 1);
assert(obj.b === 2);
assert(obj.c === 30);
if (define.supportsDescriptors) {
assert.deepEqual(Object.keys(obj), ['a', 'b']);
assert.deepEqual(Object.getOwnPropertyDescriptor(obj, 'c'), {
configurable: true,
enumerable: false,
value: 30,
writable: false
});
}
Then, with predicates:
var define = require('define-properties');
var assert = require('assert');
var obj = define({ a: 1, b: 2, c: 3 }, {
a: 10,
b: 20,
c: 30
}, {
a: function () { return false; },
b: function () { return true; }
});
assert(obj.a === 1);
assert(obj.b === 20);
assert(obj.c === 3);
if (define.supportsDescriptors) {
assert.deepEqual(Object.keys(obj), ['a', 'c']);
assert.deepEqual(Object.getOwnPropertyDescriptor(obj, 'b'), {
configurable: true,
enumerable: false,
value: 20,
writable: false
});
}
Simply clone the repo, npm install
, and run npm test
FAQs
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
The npm package define-properties receives a total of 31,760,360 weekly downloads. As such, define-properties popularity was classified as popular.
We found that define-properties demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.