Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The get-value npm package is used for safely retrieving nested values from an object or array. It is useful when dealing with deeply nested structures where checking for the existence of each level can be cumbersome. It allows for specifying paths to the desired value using a string or an array of keys/indices.
Get nested values
Retrieve a nested value from an object using a string path.
const get = require('get-value');
const obj = { a: { b: { c: 'd' } } };
console.log(get(obj, 'a.b.c')); // 'd'
Use array paths
Retrieve a nested value using an array of keys as the path.
const get = require('get-value');
const obj = { a: { b: { c: 'd' } } };
console.log(get(obj, ['a', 'b', 'c'])); // 'd'
Specify default values
Provide a default value to return if the full path does not exist.
const get = require('get-value');
const obj = { a: { b: { c: 'd' } } };
console.log(get(obj, 'a.b.e', { default: 'default value' })); // 'default value'
Split string paths
Retrieve values from keys that include a dot or other special characters by specifying a custom separator.
const get = require('get-value');
const obj = { 'a.b': { c: 'd' } };
console.log(get(obj, 'a\.b.c', { separator: '\.' })); // 'd'
lodash.get is a method from the Lodash library that provides similar functionality to get-value. It allows for retrieving nested values with a default option. Lodash is a larger utility library, so lodash.get is part of a broader suite of tools.
dot-prop is another package that allows for getting and setting nested properties. Unlike get-value, dot-prop also supports setting values. It uses a dot notation string as the path.
deep-get-set is a package that not only gets but also sets deep values. It is less popular than get-value and does not have as many configuration options.
FAQs
Use property paths like 'a.b.c' to get a nested value from an object. Even works when keys have dots in them (no other dot-prop library can do this!).
We found that get-value demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.