Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
get-own-property-symbols
Advanced tools
This is a widely compatible, mobile-friendly, and zero dependencies polyfill for Object.getOwnPropertySymbols
.
var getOwnPropertySymbols = require('get-own-property-symbols');
var o = {};
var s = Symbol();
o[s] = 123;
Object.getOwnPropertyNames(o); // []
getOwnPropertySymbols(o); // [s]
// same as
Object.getOwnPropertySymbols(o);// [s]
This module brings in a global Symbol
initializer too, together with Symbol.for
and Symbol.keyFor
methods.
var s = Symbol.for('me');
Symbol.for('me') === s; // true
Symbol.keyFor(s); // 'me'
Common symbols like iterator
are also defined including the Array.prototype[Symbol.iterator]
and the String.prototype[Symbol.iterator]
method.
// this is the equivalent of a for/of in ES6
var iterator = [1,2,3][Symbol.iterator]();
var result;
while (!(result = iterator.next()).done) {
console.log(result.value); // 1 then 2 and then 3
}
// this is the equivalent of a for/of in ES6
var iterator = '😺😲'[Symbol.iterator]();
var result;
while (!(result = iterator.next()).done) {
console.log(result.value); // '😺' first and '😲' after
}
It is also possible to simply copy same iterator for any other iterable collection.
There are few things developers need to know about Symbol
partial polyfills. Here a quick summary.
null
ObjectsThis polyfill will not work with null
objects, and even if it's possible to make it work it's not worth the hassle.
var o = Object.create(null); // or {__proto__: null}
var s = Symbol();
o[s] = 123;
// not set as Symbol, just as generic key
Object.keys(o); // [s]
typeof
gotchaIt is not possible to overwrite native typeof
operator and while it returns symbol
with native support, since version 0.5.0
it returns object
when polyfilled.
This is not perfect, but at least it's simple to distinguish between Symbols and regular properties in list of mixed properties collections.
Symbol.for
and Symbol.keyFor
can't be shimmed cross-realm. To be extra fair, Symbol
should never be used cross-realm unless natively supported.
Symbol
native ?Since it's not possible to overwrite typeof
, a check against typeof key === "symbol"
is all we need to understand if support is native or not.
Please note that transpilers might wrap this check so we should be sure the test is done natively and not before transpiling.
in
operatorSince it's also not possible to overwrite in
, please note that Symbol() in {}
is always true since SYmbols need to be shimmed through the Object.prototype
.
Either npm install get-own-property-symbols
or include this file on your page.
There are alternatives to this polyfill Symbol only and the main difference is that whit get-own-property-symbols
you actually have Object.getOwnPropertySymbols
functionality and Object.getOwnPropertyNames
will never show Symbols too.
Also today core-js brings Symbols in, but as part of the entire core-js
partial polyfill, and with same caveats described in here.
Accordingly, if you are looking for a backward compatible, stand-alone version, as ES6 compliant as possible partial polyfill, use this module, otherwise feel free to pick alternatives.
Please note this polyfill is also compatible with Object.assign.
Symbol.for
is used, or Symbol['for']
instead )You can also check if your browser or device is compatible through this page.
FAQs
get-own-property-symbols ========================
The npm package get-own-property-symbols receives a total of 1,290 weekly downloads. As such, get-own-property-symbols popularity was classified as popular.
We found that get-own-property-symbols demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.