Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
is-descriptor
Advanced tools
Package description
The is-descriptor npm package is used for checking if an object is a valid descriptor. Descriptors are objects that define the behavior of properties on JavaScript objects, such as whether they are writable, enumerable, or configurable, and they can also specify getter and setter functions. This package is useful for validation in libraries that manipulate object properties and descriptors, ensuring that operations like defining new properties or modifying existing ones are performed with valid descriptor objects.
Checking property descriptors
This feature allows you to check if a given object is a valid property descriptor. The code sample demonstrates checking various objects to see if they qualify as descriptors based on their properties.
const isDescriptor = require('is-descriptor');
console.log(isDescriptor({enumerable: false, configurable: true})); // true
console.log(isDescriptor({value: 'hello'})); // true
console.log(isDescriptor({get: function() {}})); // true
console.log(isDescriptor({set: undefined})); // false
This package checks specifically for data descriptors, which are a type of property descriptor focusing on value properties rather than accessor properties (getters and setters). It's more specific compared to is-descriptor, which checks for both data and accessor descriptors.
Similar to is-data-descriptor, this package focuses on checking for accessor descriptors, which define getter and setter functions for a property. It complements is-data-descriptor by covering the other main type of property descriptor, offering a more focused approach compared to the broader checks performed by is-descriptor.
Changelog
v3.1.0 - 2023-05-01
1f4e8cd
safe-publish-latest
, npmignore
, auto-changelog
, evalmd
, aud
5993285
8807164
0bc26a3
1604d7f
7893404
1dcc45e
d1edefe
files
field to npmignore; add exports
c64d3d3
Readme
Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for fully completed data descriptors and accessor descriptors.
const isDescriptor = require('is-descriptor');
const assert = require('assert');
const defaults = { configurable: false, enumerable: false };
const dataDefaults = { ...defaults, writable: false};
assert.ok(isDescriptor({ ...dataDefaults, value: 'foo' }));
assert.ok(isDescriptor({ ...defaults, get() {}, set() {} }));
assert.ok(!isDescriptor({ ...defaults, get: 'foo', set() {} }));
You may also check for a descriptor by passing an object as the first argument and property name (string
) as the second argument.
const obj = {};
obj.foo = null;
Object.defineProperty(obj, 'bar', { value: 'xyz' });
Reflect.defineProperty(obj, 'baz', { value: 'xyz' });
assert.ok(isDescriptor(obj, 'foo'));
assert.ok(isDescriptor(obj, 'bar'));
assert.ok(isDescriptor(obj, 'baz'));
Returns false
when not an object
assert.ok(!isDescriptor('a'));
assert.ok(!isDescriptor(null));
assert.ok(!isDescriptor([]));
Returns true
when the object has valid properties with valid values.
assert.ok(isDescriptor({ ...dataDefaults, value: 'foo' }));
assert.ok(isDescriptor({ ...dataDefaults, value() {} }));
Returns false
when the object has invalid properties
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', bar: 'baz' }));
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', bar: 'baz' }));
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', get() {} }));
assert.ok(!isDescriptor({ ...dataDefaults, get() {}, value() {} }));
false
when a value is not the correct type
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', enumerable: 'foo'}));
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', configurable: 'foo'}));
assert.ok(!isDescriptor({ ...dataDefaults, value: 'foo', writable: 'foo'}));
true
when the object has valid properties with valid values.
assert.ok(isDescriptor({ ...defaults, get() {}, set() {} }));
assert.ok(isDescriptor({ ...defaults, get() {} }));
assert.ok(isDescriptor({ ...defaults, set() {} }));
false
when the object has invalid properties
assert.ok(!isDescriptor({ ...defaults, get() {}, set() {}, bar: 'baz' }));
assert.ok(!isDescriptor({ ...defaults, get() {}, writable: true }));
assert.ok(!isDescriptor({ ...defaults, get() {}, value: true }));
Returns false
when an accessor is not a function
assert.ok(!isDescriptor({ ...defaults, get() {}, set: 'baz' }));
assert.ok(!isDescriptor({ ...defaults, get: 'foo', set() {} }));
assert.ok(!isDescriptor({ ...defaults, get: 'foo', bar: 'baz' }));
assert.ok(!isDescriptor({ ...defaults, get: 'foo', set: 'baz' }));
Returns false
when a value is not the correct type
assert.ok(!isDescriptor({ ...defaults, get() {}, set() {}, enumerable: 'foo' }));
assert.ok(!isDescriptor({ ...defaults, set() {}, configurable: 'foo' }));
assert.ok(!isDescriptor({ ...defaults, get() {}, configurable: 'foo' }));
You might also be interested in these projects:
Simply clone the repo, npm install
, and run npm test
FAQs
Returns true if a value has the characteristics of a valid JavaScript descriptor. Works for data descriptors and accessor descriptors.
The npm package is-descriptor receives a total of 36,428,406 weekly downloads. As such, is-descriptor popularity was classified as popular.
We found that is-descriptor demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.