Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
is-data-descriptor
Advanced tools
Returns true if a value has the characteristics of a valid JavaScript data descriptor.
The is-data-descriptor npm package is used to determine if an object is a valid data descriptor. Data descriptors are object keys that have attributes like value, writable, enumerable, and configurable. This package checks if a given object conforms to the specification of a data descriptor.
Check if an object is a data descriptor
This feature allows you to verify if a given object is a valid data descriptor by checking its properties and their respective values.
const isDataDescriptor = require('is-data-descriptor');
const descriptor = {value: 'value', writable: true, enumerable: true, configurable: true};
const result = isDataDescriptor(descriptor); // result is true
This package is more general than is-data-descriptor. It checks if an object is any kind of descriptor, including data and accessor descriptors. It is a superset of is-data-descriptor functionality.
Similar to is-data-descriptor, but specifically checks if an object is a valid accessor descriptor, which includes properties like get, set, enumerable, and configurable.
While not limited to descriptors, this utility module can check the type of any JavaScript value, including whether it is a descriptor. It is more versatile but less specialized than is-data-descriptor.
Returns true if a value has the characteristics of a valid JavaScript data descriptor.
true
when the descriptor has valid properties with valid values.
false
when not an object or when the object has invalid properties.
var isDataDesc = require('is-data-descriptor');
var assert = require('assert');
assert.equal(true, isDataDesc({ value: 'foo' }));
assert.equal(true, isDataDesc({ value: function () {} }));
assert.equal(true, isDataDesc({ value: true }));
assert.equal(false, isDataDesc('a'));
assert.equal(false, isDataDesc(null));
assert.equal(false, isDataDesc([]));
assert.equal(false, isDataDesc({ value: 'foo', bar: 'baz' }));
assert.equal(false, isDataDesc({ value: 'foo', bar: 'baz' }));
assert.equal(false, isDataDesc({ value: 'foo', get: function () {} }));
assert.equal(false, isDataDesc({ get: function () {}, value: 'foo' }) );
assert.equal(false, isDataDesc({ value: 'foo', enumerable: 'foo' }));
assert.equal(false, isDataDesc({ value: 'foo', configurable: 'foo' }));
assert.equal(false, isDataDesc({ value: 'foo', writable: 'foo' }));
The only valid data descriptor properties are the following:
configurable
(required)enumerable
(required)value
(optional)writable
(optional)To be a valid data descriptor, either value
or writable
must be defined.
Invalid properties
A descriptor may have additional invalid properties (an error will not be thrown).
var foo = {};
Object.defineProperty(foo, 'bar', {
enumerable: true,
whatever: 'blah', // invalid, but doesn't cause an error
get() {
return 'baz';
}
});
assert.equal(foo.bar, 'baz');
Simply clone the repo, npm install
, and run npm test
v2.1.3 - 2023-10-26
c64e97f
dce7eae
65fed07
1ebc548
10ad663
7f76a01
8178901
.gitignore
a2ca593
70540e5
95ff316
bb8bcf2
eee138d
a46e5a4
evalmd
7648a08
f0f3521
2c213cd
16bcab0
37688a1
f01936a
hasown
060ed0a
197c77a
78b6215
bbf6d2e
20aa6e5
1f77993
hasown
aa48e2f
014971e
ab05aad
FAQs
Returns true if a value has the characteristics of a valid JavaScript data descriptor.
The npm package is-data-descriptor receives a total of 26,174,709 weekly downloads. As such, is-data-descriptor popularity was classified as popular.
We found that is-data-descriptor demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.