Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Immer is a package that allows you to work with immutable state in a more convenient way. It uses a copy-on-write mechanism to ensure that the original state is not mutated. Instead, Immer produces a new updated state based on the changes made within a 'produce' function. This approach simplifies the process of updating immutable data structures, especially in the context of modern JavaScript frameworks and libraries such as React and Redux.
Creating the next immutable state by modifying the current state
This feature allows you to pass a base state and a producer function to the 'produce' function. Within the producer function, you can mutate the draft state as if it were mutable. Immer takes care of applying the changes to produce the next immutable state.
import produce from 'immer';
const baseState = [
{todo: 'Learn typescript', done: true},
{todo: 'Try immer', done: false}
];
const nextState = produce(baseState, draftState => {
draftState.push({todo: 'Tweet about it'});
draftState[1].done = true;
});
Working with nested structures
Immer can handle deeply nested structures with ease. You can update deeply nested properties without the need to manually copy every level of the structure.
import produce from 'immer';
const baseState = {
user: {
name: 'Michele',
age: 33,
todos: [
{title: 'Tweet about it', done: false}
]
}
};
const nextState = produce(baseState, draftState => {
draftState.user.age = 34;
draftState.user.todos[0].done = true;
});
Currying
Immer supports currying, which means you can predefine a producer function and then apply it to different states. This is useful for creating reusable state transformers.
import produce from 'immer';
const baseState = {counter: 0};
const increment = produce(draft => {
draft.counter++;
});
const nextState = increment(baseState);
Immutable.js is a library by Facebook that provides persistent immutable data structures. Unlike Immer, which allows you to write mutable code that gets converted to immutable updates, Immutable.js requires you to use specific methods to update data structures. It offers a wide range of data structures like List, Map, Set, etc.
Mori is a library that brings Clojure's persistent data structures to JavaScript. It is similar to Immutable.js in that it provides a variety of immutable data structures and functional programming utilities. Mori's API is quite different from JavaScript's native arrays and objects, which can have a steeper learning curve compared to Immer.
Seamless-immutable is a library that provides immutability for your data structures without drastically changing the syntax of standard JavaScript objects and arrays. It is less powerful than Immer in terms of handling complex updates and nested structures but offers a simpler and more familiar API for those who prefer to work with plain JavaScript objects.
Create the next immutable state tree by simply modifying the current tree
Winner of the "Breakthrough of the year" React open source award and "Most impactful contribution" JavaScript open source award in 2019
You can use Gitpod (a free online VS Code like IDE) for contributing online. With a single click it will launch a workspace and automatically:
yarn run start
.so that you can start coding straight away.
The documentation of this package is hosted at https://immerjs.github.io/immer/
Did Immer make a difference to your project? Join the open collective at https://opencollective.com/immer!
FAQs
Create your next immutable state by mutating the current one
The npm package immer receives a total of 10,012,390 weekly downloads. As such, immer popularity was classified as popular.
We found that immer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.