Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The hoek package is a utility library that offers a variety of functions for object manipulation, array manipulation, type checking, and encoding. It is designed to provide developers with tools to simplify common tasks in JavaScript programming.
Object cloning
This feature allows for deep cloning of objects, ensuring that nested objects are cloned properly rather than just copying references.
const hoek = require('hoek');
const obj = { a: 1 };
const clone = hoek.clone(obj);
Merge objects
Merge two objects into one, where the second object's properties are added to the first object. This is useful for combining configurations or settings.
const hoek = require('hoek');
const target = { a: 1 };
const source = { b: 2 };
hoek.merge(target, source);
Assert
Provides a simple assertion utility to validate conditions. If the condition is false, it throws an error with the provided message.
const hoek = require('hoek');
hoek.assert(1 === 1, 'This will not throw');
hoek.assert(1 === 2, 'This will throw an error');
Reach
Allows for safely reaching into an object for a nested property. This helps in avoiding errors when accessing deeply nested properties.
const hoek = require('hoek');
const obj = { a: { b: { c: 1 } } };
const value = hoek.reach(obj, 'a.b.c');
Lodash is a comprehensive utility library offering a wide range of functions for tasks including object manipulation, array manipulation, string manipulation, and more. It is more extensive than hoek but can be bulkier due to its size.
Underscore is another utility library similar to lodash but with a smaller footprint. It provides many of the same functionalities as hoek but lacks some of the more specialized functions found in hoek.
Ramda focuses on functional programming, offering utilities that make it easier to apply functional paradigms in JavaScript. It provides similar functionalities for object and array manipulation but from a functional programming perspective, which is different from hoek's more general utility approach.
Utility methods for the hapi ecosystem. This module is not intended to solve every problem for everyone, but rather as a central place to store hapi-specific methods. If you're looking for a general purpose utility module, check out lodash or underscore.
This version of the package requires a commercial license. You may not use, copy, or distribute it without first acquiring a commercial license from Sideway Inc. Using this software without a license is a violation of US and international law. To obtain a license, please contact sales@sideway.com. The open source version of this package can be found here.
The Hoek library contains some common functions used within the hapi ecosystem. It comes with useful methods for Arrays (clone, merge, applyToDefaults), Objects (removeKeys, copy), Asserting and more.
For example, to use Hoek to set configuration with default options:
const Hoek = require('hoek');
// `default` is a reserved word in JavaScript, so the defaults object is named `defaults`
const defaults = { url: "www.github.com", port: "8000", debug: true };
const config = Hoek.applyToDefaults(defaults, { port: "3000", admin: true });
// In this case, config would be { url: 'www.github.com', port: '3000', debug: true, admin: true }
FAQs
General purpose node utilities
The npm package hoek receives a total of 3,321,997 weekly downloads. As such, hoek's popularity is classified as popular.
We found that hoek has an unhealthy version release cadence and level of project activity because the last version was released a year ago. It has 5 open source maintainers collaborating on the project.