Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Take a nested Javascript object and flatten it, or unflatten an object with delimited keys
The flat npm package allows for flattening and unflattening complex nested objects and arrays in JavaScript. It can be used to convert deeply nested objects into a single level object with dot-separated keys, or to expand a flat object with dot-separated keys back into a nested structure. This can be particularly useful when dealing with data that needs to be stored in a format that doesn't support nested structures, such as certain databases, or when you need to simplify the structure of data for processing or transmission.
Flatten
Converts a nested object into a flat object with dot-separated keys. In the code sample, the 'flatten' method is used to transform the 'original' object into a single-level 'flattened' object with keys like 'b.c' and 'b.d.e'.
{"original": {"a": 1, "b": {"c": 2, "d": {"e": 3}}}, "flattened": flat.flatten({"a": 1, "b": {"c": 2, "d": {"e": 3}}})}
Unflatten
Converts a flat object with dot-separated keys back into a nested object. In the code sample, the 'unflatten' method is used to transform the 'flattened' object back into its original nested structure.
{"flattened": {"a": 1, "b.c": 2, "b.d.e": 3}, "unflattened": flat.unflatten({"a": 1, "b.c": 2, "b.d.e": 3})}
Lodash is a utility library that offers a wide range of functions for manipulating objects and collections. It includes methods like '_.get' and '_.set' which can be used to manipulate nested paths in objects, similar to how 'flat' can flatten and unflatten objects. However, lodash is a much larger library with a broader scope of functionality beyond just flattening and unflattening.
Deepdash is an extension for lodash that adds deep operations on objects and arrays. It provides methods for deep manipulation of nested structures, which can be seen as an alternative to 'flat' for certain use cases. Deepdash focuses on deep operations, while 'flat' specifically focuses on flattening and unflattening objects.
Take a nested Javascript object and flatten it, or unflatten an object with delimited keys.
$ npm install flat
Flattens the object - it'll return an object one level deep, regardless of how nested the original object was:
var flatten = require('flat')
flatten({
key1: {
keyA: 'valueI'
},
key2: {
keyB: 'valueII'
},
key3: { a: { b: { c: 2 } } }
})
// {
// 'key1.keyA': 'valueI',
// 'key2.keyB': 'valueII',
// 'key3.a.b.c': 2
// }
Flattening is reversible too, you can call flatten.unflatten()
on an object:
var unflatten = require('flat').unflatten
unflatten({
'three.levels.deep': 42,
'three.levels': {
nested: true
}
})
// {
// three: {
// levels: {
// deep: 42,
// nested: true
// }
// }
// }
Use a custom delimiter for (un)flattening your objects, instead of .
.
When enabled, both flat
and unflatten
will preserve arrays and their
contents. This is disabled by default.
var flatten = require('flat')
flatten({
this: [
{ contains: 'arrays' },
{ preserving: {
them: 'for you'
}}
]
}, {
safe: true
})
// {
// 'this': [
// { contains: 'arrays' },
// { preserving: {
// them: 'for you'
// }}
// ]
// }
When enabled, arrays will not be created automatically when calling unflatten, like so:
unflatten({
'hello.you.0': 'ipsum',
'hello.you.1': 'lorem',
'hello.other.world': 'foo'
}, { object: true })
// hello: {
// you: {
// 0: 'ipsum',
// 1: 'lorem',
// },
// other: { world: 'foo' }
// }
When enabled, existing keys in the unflattened object may be overwritten if they cannot hold a newly encountered nested value:
unflatten({
'TRAVIS': 'true',
'TRAVIS_DIR': '/home/travis/build/kvz/environmental'
}, { overwrite: true })
// TRAVIS: {
// DIR: '/home/travis/build/kvz/environmental'
// }
Without overwrite
set to true
, the TRAVIS
key would already have been set to a string, thus could not accept the nested DIR
element.
This only makes sense on ordered arrays, and since we're overwriting data, should be used with care.
Maximum number of nested objects to flatten.
var flatten = require('flat')
flatten({
key1: {
keyA: 'valueI'
},
key2: {
keyB: 'valueII'
},
key3: { a: { b: { c: 2 } } }
}, { maxDepth: 2 })
// {
// 'key1.keyA': 'valueI',
// 'key2.keyB': 'valueII',
// 'key3.a': { b: { c: 2 } }
// }
flat
is also available as a command line tool. You can run it with
npx
:
npx flat foo.json
Or install the flat
command globally:
npm i -g flat && flat foo.json
Accepts a filename as an argument:
flat foo.json
Also accepts JSON on stdin:
cat foo.json | flat
FAQs
Take a nested Javascript object and flatten it, or unflatten an object with delimited keys
We found that flat demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.