Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Immer is a package that allows you to work with immutable state in a more convenient way. It uses a copy-on-write mechanism to ensure that the original state is not mutated. Instead, Immer produces a new updated state based on the changes made within a 'produce' function. This approach simplifies the process of updating immutable data structures, especially in the context of modern JavaScript frameworks and libraries such as React and Redux.
Creating the next immutable state by modifying the current state
This feature allows you to pass a base state and a producer function to the 'produce' function. Within the producer function, you can mutate the draft state as if it were mutable. Immer takes care of applying the changes to produce the next immutable state.
import produce from 'immer';
const baseState = [
{todo: 'Learn typescript', done: true},
{todo: 'Try immer', done: false}
];
const nextState = produce(baseState, draftState => {
draftState.push({todo: 'Tweet about it'});
draftState[1].done = true;
});
Working with nested structures
Immer can handle deeply nested structures with ease. You can update deeply nested properties without the need to manually copy every level of the structure.
import produce from 'immer';
const baseState = {
user: {
name: 'Michele',
age: 33,
todos: [
{title: 'Tweet about it', done: false}
]
}
};
const nextState = produce(baseState, draftState => {
draftState.user.age = 34;
draftState.user.todos[0].done = true;
});
Currying
Immer supports currying, which means you can predefine a producer function and then apply it to different states. This is useful for creating reusable state transformers.
import produce from 'immer';
const baseState = {counter: 0};
const increment = produce(draft => {
draft.counter++;
});
const nextState = increment(baseState);
Immutable.js is a library by Facebook that provides persistent immutable data structures. Unlike Immer, which allows you to write mutable code that gets converted to immutable updates, Immutable.js requires you to use specific methods to update data structures. It offers a wide range of data structures like List, Map, Set, etc.
Mori is a library that brings Clojure's persistent data structures to JavaScript. It is similar to Immutable.js in that it provides a variety of immutable data structures and functional programming utilities. Mori's API is quite different from JavaScript's native arrays and objects, which can have a steeper learning curve compared to Immer.
Seamless-immutable is a library that provides immutability for your data structures without drastically changing the syntax of standard JavaScript objects and arrays. It is less powerful than Immer in terms of handling complex updates and nested structures but offers a simpler and more familiar API for those who prefer to work with plain JavaScript objects.
Create the next immutable state tree by simply modifying the current tree
Did Immer make a difference to your project? Consider buying me a coffee!
npm install immer
yarn add immer
immer
<script src="https://unpkg.com/immer/dist/immer.umd.js"></script>
<script src="https://cdn.jsdelivr.net/npm/immer/dist/immer.umd.js"></script>
Immer (German for: always) is a tiny package that allows you to work with immutable state in a more convenient way. It is based on the copy-on-write mechanism.
The basic idea is that you will apply all your changes to a temporarily draftState, which is a proxy of the currentState. Once all your mutations are completed, Immer will produce the nextState based on the mutations to the draft state. This means that you can interact with your data by simply modifying it while keeping all the benefits of immutable data.
Using Immer is like having a personal assistant; he takes a letter (the current state) and gives you a copy (draft) to jot changes onto. Once you are done, the assistant will take your draft and produce the real immutable, final letter for you (the next state).
A mindful reader might notice that this is quite similar to withMutations
of ImmutableJS. It is indeed, but generalized and applied to plain, native JavaScript data structures (arrays and objects) without further needing any library.
The Immer package exposes a default function that does all the work.
produce(currentState, producer: (draftState) => void): nextState
There is also a curried overload that is explained below.
import produce from "immer"
const baseState = [
{
todo: "Learn typescript",
done: true
},
{
todo: "Try immer",
done: false
}
]
const nextState = produce(baseState, draftState => {
draftState.push({todo: "Tweet about it"})
draftState[1].done = true
})
The interesting thing about Immer is that the baseState
will be untouched, but the nextState
will reflect all changes made to draftState
.
// the new item is only added to the next state,
// base state is unmodified
expect(baseState.length).toBe(2)
expect(nextState.length).toBe(3)
// same for the changed 'done' prop
expect(baseState[1].done).toBe(false)
expect(nextState[1].done).toBe(true)
// unchanged data is structurally shared
expect(nextState[0]).toBe(baseState[0])
// changed data not (dûh)
expect(nextState[1]).not.toBe(baseState[1])
Read further to see all these benefits explained.
Here is a simple example of the difference that Immer could make in practice.
// Redux reducer
// Shortened, based on: https://github.com/reactjs/redux/blob/master/examples/shopping-cart/src/reducers/products.js
const byId = (state, action) => {
switch (action.type) {
case RECEIVE_PRODUCTS:
return {
...state,
...action.products.reduce((obj, product) => {
obj[product.id] = product
return obj
}, {})
}
default:
return state
}
}
After using Immer, that simply becomes:
import produce from "immer"
const byId = (state, action) =>
produce(state, draft => {
switch (action.type) {
case RECEIVE_PRODUCTS:
action.products.forEach(product => {
draft[product.id] = product
})
}
})
Notice that it is not needed to handle the default case, a producer that doesn't do anything will simply return the original state.
Creating Redux reducer is just a sample application of the Immer package. Immer is not just designed to simplify Redux reducers. It can be used in any context where you have an immutable data tree that you want to clone and modify (with structural sharing).
Note: it might be tempting after using producers for a while, to just place produce
in your root reducer and then pass the draft to each reducer and work directly over such draft. Don't do that. It kills the point of Redux where each reducer is testable as pure reducer. Immer is best used when applying it to small individual pieces of logic.
Deep updates in the state of React components can be greatly simplified as well by using immer. Take for example the following onClick handlers (Try in codesandbox):
/**
* Classic React.setState with a deep merge
*/
onBirthDayClick1 = () => {
this.setState(prevState => ({
user: {
...prevState.user,
age: prevState.user.age + 1
}
}))
}
/**
* ...But, since setState accepts functions,
* we can just create a curried producer and further simplify!
*/
onBirthDayClick2 = () => {
this.setState(
produce(draft => {
draft.user.age += 1
})
)
}
Passing a function as the first argument to produce
is intended to be used for currying. This means that you get a pre-bound producer that only needs a state to produce the value from. The producer function gets passed in the draft and any further arguments that were passed to the curried function.
For example:
// mapper will be of signature (state, index) => state
const mapper = produce((draft, index) => {
draft.index = index
})
// example usage
console.dir([{}, {}, {}].map(mapper))
//[{index: 0}, {index: 1}, {index: 2}])
This mechanism can also nicely be leveraged to further simplify our example reducer:
import produce from 'immer'
const byId = produce((draft, action) => {
switch (action.type) {
case RECEIVE_PRODUCTS:
action.products.forEach(product => {
draft[product.id] = product
})
return
})
}
})
Note that state
is now factored out (the created reducer will accept a state, and invoke the bound producer with it).
If you want to initialize an uninitialized state using this construction, you can do so by passing the initial state as second argument to produce
:
import produce from "immer"
const byId = produce(
(draft, action) => {
switch (action.type) {
case RECEIVE_PRODUCTS:
action.products.forEach(product => {
draft[product.id] = product
})
return
}
},
{
1: {id: 1, name: "product-1"}
}
)
A random fun example just for inspiration: a neat trick is to turn Object.assign
into a producer to create a "spread" function that is smarter than the normal spread operator, as it doesn't produce a new state if the result doesn't actually change (details & explanation). Quick example:
import produce from "immer"
const spread = produce(Object.assign)
const base = {x: 1, y: 1}
console.log({...base, y: 1} === base) // false
console.log(spread(base, {y: 1}) === base) // true! base is recycled as no actual new value was produced
console.log(spread(base, {y: 2}) === base) // false, produced a new object as it should
During the run of a producer, Immer can record all the patches that would replay the changes made by the reducer. This is a very powerful tool if you want to fork your state temporarily and replay the changes to the original.
Patches are useful in few scenarios:
To help with replaying patches, applyPatches
comes in handy. Here is an example how patches could be used to record the incremental updates and (inverse) apply them:
import produce, {applyPatches} from "immer"
let state = {
name: "Micheal",
age: 32
}
// Let's assume the user is in a wizard, and we don't know whether
// his changes should end up in the base state ultimately or not...
let fork = state
// all the changes the user made in the wizard
let changes = []
// the inverse of all the changes made in the wizard
let inverseChanges = []
fork = produce(
fork,
draft => {
draft.age = 33
},
// The third argument to produce is a callback to which the patches will be fed
(patches, inversePatches) => {
changes.push(...patches)
inverseChanges.push(...inversePatches)
}
)
// In the meantime, our original state is replaced, as, for example,
// some changes were received from the server
state = produce(state, draft => {
draft.name = "Michel"
})
// When the wizard finishes (successfully) we can replay the changes that were in the fork onto the *new* state!
state = applyPatches(state, changes)
// state now contains the changes from both code paths!
expect(state).toEqual({
name: "Michel", // changed by the server
age: 33 // changed by the wizard
})
// Finally, even after finishing the wizard, the user might change his mind and undo his changes...
state = applyPatches(state, inverseChanges)
expect(state).toEqual({
name: "Michel", // Not reverted
age: 32 // Reverted
})
The generated patches are similar (but not the same) to the RFC-6902 JSON patch standard, except that the path
property is an array, rather than a string. This makes processing patches easier. If you want to normalize to the official specification, patch.path = patch.path.join("/")
should do the trick. Anyway, this is what a bunch of patches and their inverse could look like:
[
{
"op": "replace",
"path": ["profile"],
"value": {"name": "Veria", "age": 5}
},
{"op": "remove", "path": ["tags", 3]}
]
[
{"op": "replace", "path": ["profile"], "value": {"name": "Noa", "age": 6}},
{"op": "add", "path": ["tags", 3], "value": "kiddo"}
]
For a more in-depth study, see Distributing patches and rebasing actions using Immer
Tip: Check this trick to compress patches produced over time.
Immer automatically freezes any state trees that are modified using produce
. This protects against accidental modifications of the state tree outside of a producer. This comes with a performance impact, so it is recommended to disable this option in production. It is by default enabled. By default, it is turned on during local development and turned off in production. Use setAutoFreeze(true / false)
to explicitly turn this feature on or off.
It is not needed to return anything from a producer, as Immer will return the (finalized) version of the draft
anyway. However, it is allowed to just return draft
.
It is also allowed to return arbitrarily other data from the producer function. But only if you didn't modify the draft. This can be useful to produce an entirely new state. Some examples:
const userReducer = produce((draft, action) => {
switch (action.type) {
case "renameUser":
// OK: we modify the current state
draft.users[action.payload.id].name = action.payload.name
return draft // same as just 'return'
case "loadUsers":
// OK: we return an entirely new state
return action.payload
case "adduser-1":
// NOT OK: This doesn't do change the draft nor return a new state!
// It doesn't modify the draft (it just redeclares it)
// In fact, this just doesn't do anything at all
draft = {users: [...draft.users, action.payload]}
return
case "adduser-2":
// NOT OK: modifying draft *and* returning a new state
draft.userCount += 1
return {users: [...draft.users, action.payload]}
case "adduser-3":
// OK: returning a new state. But, unnecessary complex and expensive
return {
userCount: draft.userCount + 1,
users: [...draft.users, action.payload]
}
case "adduser-4":
// OK: the immer way
draft.userCount += 1
draft.users.push(action.payload)
return
}
})
Note: It is not possible to return undefined
this way, as it is indistinguishable from not updating the draft! Read on...
undefined
using nothing
So, in general, one can replace the current state by just return
ing a new value from the producer, rather than modifying the draft. There is a subtle edge case however: if you try to write a producer that wants to replace the current state with undefined
:
produce({}, draft => {
// don't do anything
})
Versus:
produce({}, draft => {
// Try to return undefined from the producer
return undefined
})
The problem is that in JavaScript a function that doesn't return anything also returns undefined
! So immer cannot differentiate between those different cases. So, by default, Immer will assume that any producer that returns undefined
just tried to modify the draft.
However, to make it clear to Immer that you intentionally want to produce the value undefined
, you can return the built-in token nothing
:
import produce, {nothing} from "immer"
const state = {
hello: "world"
}
produce(state, draft => {})
produce(state, draft => undefined)
// Both return the original state: { hello: "world"}
produce(state, draft => nothing)
// Produces a new state, 'undefined'
N.B. Note that this problem is specific for the undefined
value, any other value, including null
, doesn't suffer from this issue.
Immer exposes a named export original
that will get the original object from the proxied instance inside produce
(or return undefined
for unproxied values). A good example of when this can be useful is when searching for nodes in a tree-like state using strict equality.
const baseState = {users: [{name: "Richie"}]}
const nextState = produce(baseState, draftState => {
original(draftState.users) // is === baseState.users
})
Just want to know if a value is a proxied instance? Use the isDraft
function!
import {isDraft} from "immer"
const baseState = {users: [{name: "Bobby"}]}
const nextState = produce(baseState, draft => {
isDraft(draft) // => true
isDraft(draft.users) // => true
isDraft(draft.users[0]) // => true
})
isDraft(nextState) // => false
this
The recipe will be always invoked with the draft
as this
context.
This means that the following constructions are also valid:
const base = {counter: 0}
const next = produce(base, function() {
this.counter++
})
console.log(next.counter) // 1
// OR
const increment = produce(function() {
this.counter++
})
console.log(increment(base).counter) // 1
void
Draft mutations in Immer usually warrant a code block, since a return denotes an overwrite. Sometimes that can stretch code a little more than you might be comfortable with.
In such cases, you can use javascripts void
operator, which evaluates expressions and returns undefined
.
// Single mutation
produce(draft => void (draft.user.age += 1))
// Multiple mutations
produce(draft => void ((draft.user.age += 1), (draft.user.height = 186)))
Code style is highly personal, but for code bases that are to be understood by many, we recommend to stick to the classic draft => { draft.user.age += 1}
to avoid cognitive overhead.
The Immer package ships with type definitions inside the package, which should be picked up by TypeScript and Flow out of the box and without further configuration.
The TypeScript typings automatically remove readonly
modifiers from your draft types and return a value that matches your original type. See this practical example:
import produce from "immer"
interface State {
readonly x: number
}
// `x` cannot be modified here
const state: State = {
x: 0
}
const newState = produce<State>(state, draft => {
// `x` can be modified here
draft.x++
})
// `newState.x` cannot be modified here
This ensures that the only place you can modify your state is in your produce callbacks. It even works recursively and with ReadonlyArray
s!
Note: Immer v1.9+ supports Typescript v3.1+ only.
By default produce
tries to use proxies for optimal performance. However, on older JavaScript engines Proxy
is not available. For example, when running Microsoft Internet Explorer or React Native on Android. In such cases, Immer will fallback to an ES5 compatible implementation which works identical, but is a bit slower.
produce
is exposed as the default export, but optionally it can be used as name import as well, as this benefits some older project setups. So the following imports are all correct, where the first is recommended:
import produce from "immer"
import {produce} from "immer"
const {produce} = require("immer")
const produce = require("immer").produce
const produce = require("immer").default
import unleashTheMagic from "immer"
import {produce as unleashTheMagic} from "immer"
Immer supports the following types of data:
Date
instances, but: only if not mutated, see belowarray.test = "Test"
)null
or Object
)draft = myCoolNewState
. Instead, either modify the draft
or return a new state. See Returning data from producers.Date
objects is no problem, just make sure you never modify them (by using methods like setYear
on an existing instance). Instead, always create fresh Date
instances. Which is probably what you were unconsciously doing already.currentState
rather than the draftState
. Also, realize that immer is opt-in everywhere, so it is perfectly fine to manually write super performance critical reducers, and use immer for all the normal ones. Also note that original
can be used to get the original state of an object, which is cheaper to read.produce
'up', for example for (let x of y) produce(base, d => d.push(x))
is exponentially slower than produce(base, d => { for (let x of y) d.push(x)})
undefined
that way, as it is indistinguishable from not updating the draft at all! If you want to replace the draft with undefined
, just return nothing
from the producer.Map
and Set
. However, it is fine to just immutably "update" them yourself but still leverage immer wherever possible:const state = {
title: "hello",
tokenSet: new Set()
}
const nextState = produce(state, draft => {
draft.title = draft.title.toUpperCase() // let immer do it's job
// don't use the operations onSet, as that mutates the instance!
// draft.tokenSet.add("c1342")
// instead: clone the set (once!)
const newSet = new Set(draft.tokenSet)
// mutate the clone (just in this producer)
newSet.add("c1342")
// update the draft with the new set
draft.tokenSet = newSet
})
Or a deep update in maps (well, don't use maps for this use case, but as an example):
const state = {
users: new Map(["michel", {name: "miche"}])
}
const nextState = produce(state, draft => {
const newUsers = new Map(draft.users)
// mutate the new map and set a _new_ user object
// but leverage produce again to base the new user object on the original one
newUsers.set(
"michel",
produce(draft.users.get("michel"), draft => {
draft.name = "michel"
})
)
draft.users = newUsers
})
Read the (second part of the) introduction blog.
For those who have to go back to thinking in object updates :-)
import produce from "immer"
// object mutations
const todosObj = {
id1: {done: false, body: "Take out the trash"},
id2: {done: false, body: "Check Email"}
}
// add
const addedTodosObj = produce(todosObj, draft => {
draft["id3"] = {done: false, body: "Buy bananas"}
})
// delete
const deletedTodosObj = produce(todosObj, draft => {
delete draft["id1"]
})
// update
const updatedTodosObj = produce(todosObj, draft => {
draft["id1"].done = true
})
// array mutations
const todosArray = [
{id: "id1", done: false, body: "Take out the trash"},
{id: "id2", done: false, body: "Check Email"}
]
// add
const addedTodosArray = produce(todosArray, draft => {
draft.push({id: "id3", done: false, body: "Buy bananas"})
})
// delete
const deletedTodosArray = produce(todosArray, draft => {
draft.splice(draft.findIndex(todo => todo.id === "id1"), 1)
// or (slower):
// return draft.filter(todo => todo.id !== "id1")
})
// update
const updatedTodosArray = produce(todosArray, draft => {
draft[draft.findIndex(todo => todo.id === "id1")].done = true
})
Here is a simple benchmark on the performance of Immer. This test takes 50,000 todo items and updates 5,000 of them. Freeze indicates that the state tree has been frozen after producing it. This is a development best practice, as it prevents developers from accidentally modifying the state tree.
These tests were executed on Node 9.3.0. Use yarn test:perf
to reproduce them locally.
Most important observation:
yarn test:perf
for more tests). This is in practice negligible.(for those who skimmed the above instead of actually reading)
Q: Does Immer use structural sharing? So that my selectors can be memoized and such?
A: Yes
Q: Does Immer support deep updates?
A: Yes
Q: I can't rely on Proxies being present on my target environments. Can I use Immer?
A: Yes
Q: Can I typecheck my data structures when using Immer?
A: Yes
Q: Can I store Date
objects, functions etc in my state tree when using Immer?
A: Yes
Q: Is it fast?
A: Yes
Q: Idea! Can Immer freeze the state for me?
A: Yes
Special thanks to @Mendix, which supports its employees to experiment completely freely two full days a month, which formed the kick-start for this project.
A significant part of my OSS work is unpaid. So donations are greatly appreciated :)
FAQs
Create your next immutable state by mutating the current one
The npm package immer receives a total of 9,822,795 weekly downloads. As such, immer popularity was classified as popular.
We found that immer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.