The es5-shim package is a JavaScript library that provides compatibility shims so that legacy JavaScript engines behave as closely as possible to ECMAScript 5 (ES5). This is particularly useful for supporting older browsers that do not implement all ES5 features natively.
Array methods
Provides ES5 array methods such as map, filter, and reduce, which might not be available in older JavaScript engines.
[1, 2, 3].map(function(n) { return n + 1; })
Function.prototype.bind
Implements Function.prototype.bind, allowing functions to have their this value and initial arguments pre-set.
var boundFunc = function(a, b) { return a + b; }.bind(null, 1); boundFunc(2);
Object methods
Adds missing Object methods such as keys, which returns an array of a given object's own enumerable property names.
Object.keys({a: 1, b: 2})
String methods
Includes String.prototype methods like trim, which removes whitespace from both ends of a string.
'hello'.trim()
Date methods
Provides shims for Date methods like now, which returns the number of milliseconds elapsed since January 1, 1970 00:00:00 UTC.
Date.now()
A modular standard library for JavaScript, core-js includes polyfills for ECMAScript up to 2021. It covers more features than es5-shim, including promises, symbols, collections, iterators, typed arrays, and many other features of ECMAScript 2015 and beyond.
Part of Babel's suite, babel-polyfill includes a custom regenerator runtime and core-js. This package is more comprehensive than es5-shim as it supports new ES6 features and beyond, making it suitable for applications needing high compatibility with new ECMAScript standards.
Provides compatibility shims so that legacy JavaScript engines behave as closely as possible to ES5.
This package requires quite a bit more attention and testing. It is not likely to behave as advertised in a large cross-section of browsers.
"As closely as possible to ES5" is not very close. Many of these shims are intended only to allow code to be written to ES5 without causing run-time errors in older engines. In many cases, this means that these shims cause many ES5 methods to silently fail. Decide carefully whether this is what you want.
The tests are written with the Jasmine BDD test framework. To run the tests, navigate to /tests/.
In order to run against the shim code, the tests attempt to kill the current implementation of the missing methods. This happens in /tests/helpers/h-kill.js. So in order to run the tests against the built-in methods, invalidate that file somehow (comment it out, delete the file, delete the script tag, etc.).
/?\ Object.create
For the case of simply "begetting" an object that inherits prototypically from another, this should work fine across legacy engines.
/!\ Object.create(null) will work only in browsers that support prototype assignment. This creates an object that does not have any properties inherited from Object.prototype. It will silently fail otherwise.
/!\ The second argument is passed to Object.defineProperties which will probably fail silently.
/?\ Object.getPrototypeOf
This will return "undefined" in some cases. It uses __proto__ if it's available. Failing that, it uses constructor.prototype, which depends on the constructor property of the object's prototype not having been replaced. If your object was created like this, it won't work:
function Foo() {
}
Foo.prototype = {};
because the prototype reassignment destroys the constructor property.
This will work for all objects that were created using Object.create implemented with this library.
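The fallback path described above, as an added example that is not es5-shim's own code: `getPrototypeOfShim` is a hypothetical re-creation of the documented logic, and its `useProto` flag is an assumed switch that simulates an engine with or without `__proto__`, so the failure case can be reproduced on a modern engine.

```javascript
// Added example (not es5-shim's code): the README's getPrototypeOf fallback.
// `useProto` is a hypothetical switch standing in for "the engine exposes
// __proto__"; pass false to see how the constructor.prototype fallback behaves.
function getPrototypeOfShim(obj, useProto) {
  if (useProto && obj.__proto__ !== undefined) {
    return obj.__proto__;
  }
  // Fallback: trust obj.constructor.prototype. This is only right when the
  // prototype object's own `constructor` property was never replaced.
  return obj.constructor.prototype;
}

// Case 1: prototype extended in place, so `constructor` survives.
function Good() {}
Good.prototype.hello = function () { return 'hi'; };

// Case 2: the README's failure case. Replacing the prototype object drops its
// `constructor` property, so obj.constructor resolves to Object instead.
function Foo() {}
Foo.prototype = {};

// Case 3: replaced prototype with the constructor link restored by hand,
// which is what keeps the fallback honest.
function Fixed() {}
Fixed.prototype = { constructor: Fixed };

// Returns true when the __proto__-less fallback identifies the real prototype.
function fallbackIsCorrect(Ctor) {
  var obj = new Ctor();
  return getPrototypeOfShim(obj, false) === Ctor.prototype;
}
```

Running `fallbackIsCorrect(Foo)` returns false, while `Good` and `Fixed` return true; the same object resolves correctly once `__proto__` is available.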
/!\ Object.getOwnPropertyNames
This method uses Object.keys, so it will not be accurate on legacy engines.
Object.isSealed
Returns "false" in all legacy engines for all objects, which is conveniently guaranteed to be accurate.
Object.isFrozen
Returns "false" in all legacy engines for all objects, which is conveniently guaranteed to be accurate.
/!\ Object.getOwnPropertyDescriptor
The behavior of this shim does not conform to ES5. It should probably not be used at this time, until its behavior has been reviewed and been confirmed to be useful in legacy engines.
/!\ Object.defineProperty
This method will silently fail to set "writable", "enumerable", and "configurable" properties.
Providing a getter or setter with "get" or "set" on a descriptor will silently fail on engines that lack __defineGetter__ and __defineSetter__, which include all versions of IE up to version 8 so far.
IE 8 provides a version of this method but it only works on DOM objects. Thus, the shim will not get installed and attempts to set "value" properties will fail silently on non-DOM objects.
https://github.com/kriskowal/es5-shim/issues#issue/5
/!\ Object.defineProperties
This uses the Object.defineProperty shim.
Object.seal
Silently fails on all legacy engines. This should be fine unless you are depending on the safety and security provisions of this method, which you cannot possibly obtain in legacy engines.
Object.freeze
Silently fails on all legacy engines. This should be fine unless you are depending on the safety and security provisions of this method, which you cannot possibly obtain in legacy engines.
Object.preventExtensions
Silently fails on all legacy engines. This should be fine unless you are depending on the safety and security provisions of this method, which you cannot possibly obtain in legacy engines.
/!\ Object.isExtensible
Returns "true". This is probably wildly inaccurate. This method should be reviewed before it's used.
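Because the Object.defineProperty, seal, freeze, preventExtensions and isExtensible notes above all describe silent failure, code that relies on these methods for integrity should probe them at startup rather than trust their presence. The following is an added example, not es5-shim's own code; the function names are hypothetical and it assumes nothing beyond the ES5 methods themselves.

```javascript
// Added example (not es5-shim's code): probe whether the engine actually
// enforces the ES5 object-integrity methods, or whether a shim has installed
// no-op versions that fail silently. Call integrityCapabilities() once at
// startup and do not rely on freeze/seal/defineProperty where a flag is false.
'use strict';

function probe(fn) {
  // A missing or throwing method counts as "not enforced" rather than crashing.
  try { return fn(); } catch (e) { return false; }
}

function writableIsEnforced() {
  var o = {};
  Object.defineProperty(o, 'x', { value: 1, writable: false });
  // A conforming engine throws in strict mode; a silent shim lets the write
  // through, so the value itself is what gets checked.
  try { o.x = 2; } catch (e) { /* expected on a conforming engine */ }
  return o.x === 1;
}

function freezeIsEnforced() {
  var o = Object.freeze({ a: 1 });
  try { o.a = 2; o.b = 3; } catch (e) { /* expected on a conforming engine */ }
  return o.a === 1 && !('b' in o) && Object.isFrozen(o) === true;
}

function preventExtensionsIsEnforced() {
  var o = Object.preventExtensions({});
  try { o.added = true; } catch (e) { /* expected on a conforming engine */ }
  // The README warns isExtensible may just return true; cross-check it here.
  return !('added' in o) && Object.isExtensible(o) === false;
}

// Returns one boolean per capability; all true on a real ES5 engine.
function integrityCapabilities() {
  return {
    defineProperty: probe(writableIsEnforced),
    freeze: probe(freezeIsEnforced),
    preventExtensions: probe(preventExtensionsIsEnforced)
  };
}
```

On an engine where the shim is a no-op, the corresponding flag comes back false even though the method exists, which is exactly the condition the README says callers must decide about.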
FAQs
ECMAScript 5 compatibility shims for legacy JavaScript engines
The npm package es5-shim receives a total of 1,057,183 weekly downloads. As such, es5-shim popularity was classified as popular.
We found that es5-shim demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.