Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
The es5-ext package is a collection of ECMAScript 5 extensions. It provides polyfills for some of the newer ECMAScript features, as well as additional utility functions that enhance the JavaScript standard library.
Array polyfills and extensions
Adds new methods to the Array prototype, such as 'contains', which checks if an array includes a certain element.
[1, 2, 3].contains(2)
Object polyfills and extensions
Introduces new functions to work with objects, like 'isObject', which determines if a value is an object.
Object.isObject({})
String polyfills and extensions
Provides additional methods for strings, for instance, 'startsWith', which checks if a string starts with the specified characters.
'hello'.startsWith('he')
Function polyfills and extensions
Enhances functions with extra capabilities such as 'noop', which is an empty function that does nothing.
(function () {}).noop()
Number polyfills and extensions
Offers new properties and methods for numbers, like 'isFinite', which checks if a value is a finite number.
Number.isFinite(Infinity)
Core-js is a modular standard library for JavaScript, which includes polyfills for ECMAScript up to 2021. It's more comprehensive than es5-ext, covering a wider range of ECMAScript features.
Lodash is a utility library that provides a lot of the same functionality as es5-ext, such as working with arrays, objects, and functions. It is known for its performance and consistency across browsers.
Underscore.js is a utility library that offers similar functionality to es5-ext, with a focus on functional programming. It's often compared to lodash, and while it has many of the same functions, it has a smaller footprint.
Shims for upcoming ES6 standard and other goodies implemented strictly with ECMAScript conventions in mind.
It's designed to be used in compliant ECMAScript 5 or ECMAScript 6 environments. Older environments are not supported, although most of the features should work with correct ECMAScript 5 shim on board.
When used in ECMAScript 6 environment, native implementation (if valid) takes precedence over shims.
npm install es5-ext
To port it to Browser or any other (non CJS) environment, use your favorite CJS bundler. No favorite yet? Try: Browserify, Webmake or Webpack
You can force ES6 features to be implemented in your environment, e.g. following will assign from
function to Array
(only if it's not implemented already).
require("es5-ext/array/from/implement");
Array.from("foo"); // ['f', 'o', 'o']
You can also access shims directly, without fixing native objects. Following will return native Array.from
if it's available and fallback to shim if it's not.
var aFrom = require("es5-ext/array/from");
aFrom("foo"); // ['f', 'o', 'o']
If you want to use shim unconditionally (even if native implementation exists) do:
var aFrom = require("es5-ext/array/from/shim");
aFrom("foo"); // ['f', 'o', 'o']
It's about properties introduced with ES6 and those that have been updated in new spec.
Array.from
-> require('es5-ext/array/from')
Array.of
-> require('es5-ext/array/of')
Array.prototype.concat
-> require('es5-ext/array/#/concat')
Array.prototype.copyWithin
-> require('es5-ext/array/#/copy-within')
Array.prototype.entries
-> require('es5-ext/array/#/entries')
Array.prototype.fill
-> require('es5-ext/array/#/fill')
Array.prototype.filter
-> require('es5-ext/array/#/filter')
Array.prototype.find
-> require('es5-ext/array/#/find')
Array.prototype.findIndex
-> require('es5-ext/array/#/find-index')
Array.prototype.keys
-> require('es5-ext/array/#/keys')
Array.prototype.map
-> require('es5-ext/array/#/map')
Array.prototype.slice
-> require('es5-ext/array/#/slice')
Array.prototype.splice
-> require('es5-ext/array/#/splice')
Array.prototype.values
-> require('es5-ext/array/#/values')
Array.prototype[@@iterator]
-> require('es5-ext/array/#/@@iterator')
Math.acosh
-> require('es5-ext/math/acosh')
Math.asinh
-> require('es5-ext/math/asinh')
Math.atanh
-> require('es5-ext/math/atanh')
Math.cbrt
-> require('es5-ext/math/cbrt')
Math.clz32
-> require('es5-ext/math/clz32')
Math.cosh
-> require('es5-ext/math/cosh')
Math.exmp1
-> require('es5-ext/math/expm1')
Math.fround
-> require('es5-ext/math/fround')
Math.hypot
-> require('es5-ext/math/hypot')
Math.imul
-> require('es5-ext/math/imul')
Math.log1p
-> require('es5-ext/math/log1p')
Math.log2
-> require('es5-ext/math/log2')
Math.log10
-> require('es5-ext/math/log10')
Math.sign
-> require('es5-ext/math/sign')
Math.signh
-> require('es5-ext/math/signh')
Math.tanh
-> require('es5-ext/math/tanh')
Math.trunc
-> require('es5-ext/math/trunc')
Number.EPSILON
-> require('es5-ext/number/epsilon')
Number.MAX_SAFE_INTEGER
-> require('es5-ext/number/max-safe-integer')
Number.MIN_SAFE_INTEGER
-> require('es5-ext/number/min-safe-integer')
Number.isFinite
-> require('es5-ext/number/is-finite')
Number.isInteger
-> require('es5-ext/number/is-integer')
Number.isNaN
-> require('es5-ext/number/is-nan')
Number.isSafeInteger
-> require('es5-ext/number/is-safe-integer')
Object.assign
-> require('es5-ext/object/assign')
Object.keys
-> require('es5-ext/object/keys')
Object.setPrototypeOf
-> require('es5-ext/object/set-prototype-of')
Promise.prototype.finally
-> require('es5-ext/promise/#/finally')
RegExp.prototype.match
-> require('es5-ext/reg-exp/#/match')
RegExp.prototype.replace
-> require('es5-ext/reg-exp/#/replace')
RegExp.prototype.search
-> require('es5-ext/reg-exp/#/search')
RegExp.prototype.split
-> require('es5-ext/reg-exp/#/split')
RegExp.prototype.sticky
-> Implement with require('es5-ext/reg-exp/#/sticky/implement')
, use as function with require('es5-ext/reg-exp/#/is-sticky')
RegExp.prototype.unicode
-> Implement with require('es5-ext/reg-exp/#/unicode/implement')
, use as function with require('es5-ext/reg-exp/#/is-unicode')
String.fromCodePoint
-> require('es5-ext/string/from-code-point')
String.raw
-> require('es5-ext/string/raw')
String.prototype.codePointAt
-> require('es5-ext/string/#/code-point-at')
String.prototype.contains
-> require('es5-ext/string/#/contains')
String.prototype.endsWith
-> require('es5-ext/string/#/ends-with')
String.prototype.normalize
-> require('es5-ext/string/#/normalize')
String.prototype.repeat
-> require('es5-ext/string/#/repeat')
String.prototype.startsWith
-> require('es5-ext/string/#/starts-with')
String.prototype[@@iterator]
-> require('es5-ext/string/#/@@iterator')
es5-ext provides also other utils, and implements them as if they were proposed for a standard. It mostly offers methods (not functions) which can directly be assigned to native prototypes:
Object.defineProperty(Function.prototype, "partial", {
value: require("es5-ext/function/#/partial"),
configurable: true,
enumerable: false,
writable: true
});
Object.defineProperty(Array.prototype, "flatten", {
value: require("es5-ext/array/#/flatten"),
configurable: true,
enumerable: false,
writable: true
});
Object.defineProperty(String.prototype, "capitalize", {
value: require("es5-ext/string/#/capitalize"),
configurable: true,
enumerable: false,
writable: true
});
See es5-extend, a great utility that automatically will extend natives for you.
Important: Remember to not extend natives in scope of generic reusable packages (e.g. ones you intend to publish to npm). Extending natives is fine only if you're the owner of the global scope, so e.g. in final project you lead development of.
When you're in situation when native extensions are not good idea, then you should use methods indirectly:
var flatten = require("es5-ext/array/#/flatten");
flatten.call([1, [2, [3, 4]]]); // [1, 2, 3, 4]
for better convenience you can turn methods into functions:
var call = Function.prototype.call;
var flatten = call.bind(require("es5-ext/array/#/flatten"));
flatten([1, [2, [3, 4]]]); // [1, 2, 3, 4]
You can configure custom toolkit (like underscorejs), and use it throughout your application
var util = {};
util.partial = call.bind(require("es5-ext/function/#/partial"));
util.flatten = call.bind(require("es5-ext/array/#/flatten"));
util.startsWith = call.bind(require("es5-ext/string/#/starts-with"));
util.flatten([1, [2, [3, 4]]]); // [1, 2, 3, 4]
As with native ones most methods are generic and can be run on any type of object.
Object that represents global scope
Introduced with ECMAScript 6. Returns array representation of iterable or arrayLike. If arrayLike is an instance of array, its copy is returned.
Generate an array of pre-given length built of repeated arguments.
Returns true if object is plain array (not instance of one of the Array's extensions).
Introduced with ECMAScript 6. Create an array from given arguments.
Returns array representation of obj
. If obj
is already an array, obj
is returned back.
Returns obj
if it's an array, otherwise throws TypeError
In sorted list search for index of item for which compareFn returns value closest to 0. It's variant of binary search algorithm
Clears the array
Returns a copy of the context with all non-values (null
or undefined
) removed.
Updated with ECMAScript 6.
ES6's version of concat
. Supports isConcatSpreadable
symbol, and returns array of same type as the context.
Whether list contains the given value.
Returns the array of elements that are present in context list but not present in other list.
egal version of indexOf
method. SameValueZero logic is used for comparision
egal version of lastIndexOf
method. SameValueZero logic is used for comparision
Introduced with ECMAScript 6. Returns iterator object, which traverses the array. Each value is represented with an array, where first value is an index and second is corresponding to index value.
Returns the array of elements that are found only in one of the lists (either context list or list provided in arguments).
Updated with ECMAScript 6.
ES6's version of filter
, returns array of same type as the context.
Introduced with ECMAScript 6. Return first element for which given function returns true
Introduced with ECMAScript 6. Return first index for which given function returns true
Returns value for first defined index
Returns first declared index of the array
Returns flattened version of the array
forEach
starting from last element
Group list elements by value returned by cb function
Returns array of all indexes of given value
Computes the array of values that are the intersection of all lists (context list and lists given in arguments)
Returns true if both context and other lists have same content
Returns true if all values in array are unique
Introduced with ECMAScript 6. Returns iterator object, which traverses all array indexes.
Returns value of last defined index
Returns last defined index of the array
Updated with ECMAScript 6.
ES6's version of map
, returns array of same type as the context.
Remove values from the array
Returns array with items separated with sep
value
Updated with ECMAScript 6.
ES6's version of slice
, returns array of same type as the context.
some
starting from last element
Updated with ECMAScript 6.
ES6's version of splice
, returns array of same type as the context.
Returns duplicate-free version of the array
Introduced with ECMAScript 6. Returns iterator object which traverses all array values.
Introduced with ECMAScript 6. Returns iterator object which traverses all array values.
Whether value is boolean
Whether value is date instance
If given object is not date throw TypeError in other case return it.
Returns a copy of the date object
Returns number of days of date's month
Sets the date time to 00:00:00.000
Sets date day to 1 and date time to 00:00:00.000
Sets date month to 0, day to 1 and date time to 00:00:00.000
Formats date up to given string. Supported patterns:
%Y
- Year with century, 1999, 2003%y
- Year without century, 99, 03%m
- Month, 01..12%d
- Day of the month 01..31%H
- Hour (24-hour clock), 00..23%M
- Minute, 00..59%S
- Second, 00..59%L
- Milliseconds, 000..999Creates custom error object, optinally extended with code
and other extension properties (provided with ext
object)
Whether value is an error (instance of Error
).
If given object is not error throw TypeError in other case return it.
Throws error
Some of the functions were inspired by Functional JavaScript project by Olivier Steele
Returns a constant function that returns pregiven argument
k(x)(y) =def x
Identity function. Returns first argument
i(x) =def x
Returns a function that takes an object as an argument, and applies object's name method to arguments. name can be name of the method or method itself.
invoke(name, …args)(object, …args2) =def object[name](…args, …args2)
Whether value is arguments object
Whether value is instance of function
No operation function
Returns a function that takes an object, and returns the value of its name property
pluck(name)(obj) =def obj[name]
If given object is not function throw TypeError in other case return it.
Some of the methods were inspired by Functional JavaScript project by Olivier Steele
Applies the functions in reverse argument-list order.
f1.compose(f2, f3, f4)(…args) =def f1(f2(f3(f4(…arg))))
compose
can also be used in plain function form as:
compose(f1, f2, f3, f4)(…args) =def f1(f2(f3(f4(…arg))))
Produces copy of given function
Invoking the function returned by this function only n arguments are passed to the underlying function. If the underlying function is not saturated, the result is a function that passes all its arguments to the underlying function. If n is not provided then it defaults to context function length
f.curry(4)(arg1, arg2)(arg3)(arg4) =def f(arg1, args2, arg3, arg4)
Returns a function that applies the underlying function to args, and ignores its own arguments.
f.lock(…args)(…args2) =def f(…args)
Named after it's counterpart in Google Closure
Returns a function that returns boolean negation of value returned by underlying function.
f.not()(…args) =def !f(…args)
Returns a function that when called will behave like context function called with initially passed arguments. If more arguments are suplilied, they are appended to initial args.
f.partial(…args1)(…args2) =def f(…args1, …args2)
Returns a function that applies underlying function with first list argument
f.match()(args) =def f.apply(null, args)
Serializes function into two (arguments and body) string tokens. Result is plain object with args
and body
properties.
The difference between 1 and the smallest value greater than 1 that is representable as a Number value, which is approximately 2.2204460492503130808472633361816 x 10-16.
Introduced with ECMAScript 6. Whether value is finite. Differs from global isNaN that it doesn't do type coercion.
Introduced with ECMAScript 6. Whether value is integer.
Introduced with ECMAScript 6. Whether value is NaN. Differs from global isNaN that it doesn't do type coercion.
Whether given value is number
Introduced with ECMAScript 6. The value of Number.MAX_SAFE_INTEGER is 9007199254740991.
Introduced with ECMAScript 6. The value of Number.MIN_SAFE_INTEGER is -9007199254740991 (253-1).
Converts value to integer
Converts value to positive integer. If provided value is less than 0, then 0 is returned
Converts value to unsigned 32 bit integer. This type is used for array lengths. See: http://www.2ality.com/2012/02/js-integers.html
Pad given number with zeros. Returns string
Introduced with ECMAScript 6. Extend target by enumerable own properties of other objects. If properties are already set on target object, they will be overwritten.
Remove all enumerable own properties of the object
Returns copy of the object with all enumerable properties that have no falsy values
Universal cross-type compare function. To be used for e.g. array sort.
Returns copy of the object with all enumerable properties.
Returns deep copy of the object with all enumerable properties.
Counts number of enumerable own properties on object
Object.create
alternative that provides workaround for V8 issue.
When null
is provided as a prototype, it's substituted with specially prepared object that derives from Object.prototype but has all Object.prototype properties shadowed with undefined.
It's quirky solution that allows us to have plain objects with no truthy properties but with turnable prototype.
Use only for objects that you plan to switch prototypes of and be aware of limitations of this workaround.
Whether two values are equal, using SameValueZero algorithm.
Analogous to Array.prototype.every. Returns true if every key-value pair in this object satisfies the provided testing function.
Optionally compareFn can be provided which assures that keys are tested in given order. If provided compareFn is equal to true
, then order is alphabetical (by key).
Analogous to Array.prototype.filter. Returns new object with properites for which cb function returned truthy value.
Returns first enumerable key of the object, as keys are unordered by specification, it can be any key of an object.
Returns new object, with flatten properties of input object
flatten({ a: { b: 1 }, c: { d: 1 } }) =def { b: 1, d: 1 }
Analogous to Array.prototype.forEach. Calls a function for each key-value pair found in object
Optionally compareFn can be provided which assures that properties are iterated in given order. If provided compareFn is equal to true
, then order is alphabetical (by key).
Get all (not just own) property names of the object
Whether two values are equal, using SameValue algorithm.
Whether object is array-like object
Two values are considered a copy of same value when all of their own enumerable properties have same values.
Deep comparision of objects
True if object doesn't have any own enumerable property
Whether value is not primitive
Whether object is plain object, its protototype should be Object.prototype and it cannot be host object.
Search object for value
Updated with ECMAScript 6.
ES6's version of keys
, doesn't throw on primitive input
Analogous to Array.prototype.map. Creates a new object with properties which values are results of calling a provided function on every key-value pair in this object.
Create new object with same values, but remapped keys
Extend target by all own properties of other objects. Properties found in both objects will be overwritten (unless they're not configurable and cannot be overwritten). It was for a moment part of ECMAScript 6 draft.
Extends target, with all source and source's prototype properties.
Useful as an alternative for setPrototypeOf
in environments in which it cannot be shimmed (no __proto__
support).
Normalizes options object into flat plain object.
Useful for functions in which we either need to keep options object for future reference or need to modify it for internal use.
options
object back (always a copy is created)options
can be undefined in such case empty plain object is returned.Creates null
prototype based plain object, and sets on it all property names provided in arguments to true.
Safe navigation of object properties. See http://wiki.ecmascript.org/doku.php?id=strawman:existential_operator
Serialize value into string. Differs from JSON.stringify that it serializes also dates, functions and regular expresssions.
Introduced with ECMAScript 6.
If native version is not provided, it depends on existence of __proto__
functionality, if it's missing, null
instead of function is exposed.
Analogous to Array.prototype.some Returns true if any key-value pair satisfies the provided
testing function.
Optionally compareFn can be provided which assures that keys are tested in given order. If provided compareFn is equal to true
, then order is alphabetical (by key).
Creates an array of results of calling a provided function on every key-value pair in this object.
Optionally compareFn can be provided which assures that results are added in given order. If provided compareFn is equal to true
, then order is alphabetical (by key).
Userializes value previously serialized with serialize
If given object is not callable throw TypeError in other case return it.
Throws error if given value is not an object, otherwise it is returned.
Throws error if given value is null
or undefined
, otherwise returns value.
Introduced with ECMAScript 2018.
Escapes string to be used in regular expression
Whether object is regular expression
If object is regular expression it is returned, otherwise TypeError is thrown.
Whether regular expression has sticky
flag.
It's to be used as counterpart to regExp.sticky if it's not implemented.
Whether regular expression has unicode
flag.
It's to be used as counterpart to regExp.unicode if it's not implemented.
Introduced with ECMAScript 6.
It's a getter, so only implement
and is-implemented
modules are provided.
Introduced with ECMAScript 6.
It's a getter, so only implement
and is-implemented
modules are provided.
Creates format method. It's used e.g. to create Date.prototype.format
method
Whether object is string
Returns randomly generated id, with guarantee of local uniqueness (no same id will be returned twice)
Proposed for ECMAScript 6/7 standard, but not (yet) in a draft
Returns a string at given position in Unicode-safe manner. Based on implementation by Mathias Bynens.
Convert camelCase string to hyphen separated, e.g. one-two-three -> oneTwoThree. Useful when converting names from js property convention into filename convention.
Capitalize first character of a string
Case insensitive compare
Based on implementation by Mathias Bynens.
Whether string contains given string.
Introduced with ECMAScript 6. Whether strings ends with given string
Convert hyphen separated string to camelCase, e.g. one-two-three -> oneTwoThree. Useful when converting names from filename convention to js property name convention.
Indents each line with provided str (if count given then str is repeated count times).
Return last character
Introduced with ECMAScript 6. Returns the Unicode Normalization Form of a given string. Based on Matsuza's version. Code used for integrated shim can be found at github.com/walling/unorm
Pad string with fill. If length si given than fill is reapated length times. If length is negative then pad is applied from right.
Introduced with ECMAScript 6. Repeat given string n times
Simple replace
version. Doesn't support regular expressions. Replaces just first occurrence of search string. Doesn't support insert patterns, therefore it is safe to replace text with text obtained programmatically (there's no need for additional $ characters escape in such case).
Simple replace
version. Doesn't support regular expressions. Replaces all occurrences of search string. Doesn't support insert patterns, therefore it is safe to replace text with text obtained programmatically (there's no need for additional $ characters escape in such case).
Introduced with ECMAScript 6. Whether strings starts with given string
Introduced with ECMAScript 6. Returns iterator object which traverses all string characters (with respect to unicode symbols)
$ npm test
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Available as part of the Tidelift Subscription
The maintainers of es5-ext and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
ECMAScript extensions and shims
The npm package es5-ext receives a total of 9,424,082 weekly downloads. As such, es5-ext popularity was classified as popular.
We found that es5-ext demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.