Research
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
Socket's research uncovers three dangerous Go modules that contain obfuscated disk-wiping malware, threatening complete data loss.
By Kush Pandya - May 01, 2025
📅 You're Invited: Meet the Socket team at RSAC (April 28 – May 1).RSVP →
100
Supply Chain Security
100
Vulnerability
79
Quality
78
Maintenance
100
License
What is is-object?
The is-object npm package is a simple utility that checks if a given value is an object. It is useful for type-checking in JavaScript, ensuring that a value is an object and not another type like a string, number, or array.
What are is-object's main functionalities?
Basic Object Check
This feature allows you to check if a given value is an object. The function returns true for plain objects and false for arrays, null, strings, and other non-object types.
const isObject = require('is-object');
console.log(isObject({})); // true
console.log(isObject([])); // false
console.log(isObject(null)); // false
console.log(isObject('string')); // falseOther packages similar to is-object
lodash.isobject
The lodash.isobject package is a part of the Lodash library, which provides utility functions for common programming tasks. lodash.isobject checks if a value is an object, similar to is-object, but it is part of a larger suite of utilities, making it more versatile for various tasks.
is-plain-object
The is-plain-object package checks if a value is a plain object, i.e., an object created by the Object constructor or with a null prototype. It is more specific than is-object, which checks for any object type.
isobject
The isobject package is another utility for checking if a value is an object. It is similar to is-object but includes additional checks to ensure the value is not an array or null.
is-object 
Checks whether a value is an object
Because typeof null is a troll.
Example
var isObject = require('is-object');
var assert = require('assert');
assert.equal(isObject(null), false);
assert.equal(isObject({}), true);
Installation
npm install is-object
Contributors
MIT Licensed
v1.0.2 - 2020-12-02
Merged
- Expanded tests to check for undefined, boolean values, and functions.
#2
Commits
- [Tests] migrate tests to Github Actions
1503b2b - [Dev Deps] add
eslint, dropjscs0b33130 - [meta] add
auto-changelog4c1af71 - Use my standard jscs.json.
8e02200 - [Tests] use shared travis-ci configs
ffaa4b7 - Update
tape,covert,jscs23ae901 - [readme] fix repo URLs, remove testling
f48732a - [meta] avoid publishing github workflows
b3a84ee - [Tests] run
nycon all testsa03b699 - [Dev Deps] update
eslint,@ljharb/eslint-config,aud,auto-changelog,tapedb89fc0 - Update
tape,jscsbcb3ac9 - Expanded tests to check for undefined, boolean values and functions.
a12751e - Test up to
io.jsv2.074d46d7 - [actions] add automatic rebasing / merge commit blocking
b5505c3 - [actions] add "Allow Edits" workflow
c79aee4 - Naming deps/devDeps URLs in README
1095633 - [Dev Deps] update
eslint,@ljharb/eslint-config,aud,auto-changelog5db6e17 - [Dev Deps] update
eslint,@ljharb/eslint-config,tape; addsafe-publish-latestceaf8ab - Test up to
io.jsv2.2cf9f70e - Naming contributor URLs in README
41b759b - Test up to
io.jsv3.029cd85b - Only apps should have lockfiles
5510e47 - All grade A-supported
node/iojsversions now ship with annpmthat understands^.849b718 - Run
travis-citests oniojsand0.12; allow0.8failures; speed up builds.655c5f7 - Naming npm package URL in README
af52357 - Naming testling-ci URLs in README
70ab476 - Naming travis-ci URLs in README
08175df - [Dev Deps] update
auto-changelog,tape0f0dde7 - [Dev Deps] update
covert,tape6148d0e - Update
tape,jscsdff288a - Update
tape,jscsff04f70 - Update
jscs75e8791 - Update
jscs,tapecc7e221 - Update
tape,jscsbe32959 - Use consistent quotes.
0dedc4b - Naming npm badge PNG in README
0376b83 - Naming npm version badge SVG in README
fe00aab - [readme] remove travis badge
028ff10 - [Tests] add missing
lintscriptf431139 - [Dev Deps] update
auto-changelog; addaudad0b964 - [meta] add
fundingfieldab362a6 - [actions] update rebase action to use checkout v2
592539d - [actions] switch Automatic Rebase workflow to
pull_request_targeteventf26329d - [Tests] only audit prod deps
58efaae - Switch from vb.teelaun.ch to versionbadg.es for the npm version badge SVG.
120491a - Update
tape99ccffe - Lock covert to v1.0.0.
9d03921 - Updating jscs
a72781e - Updating tape
31aabd0 - Fixing indentation.
4c3e061 - Updating jscs
368053e
FAQs
Checks whether a value is an object
The npm package is-object receives a total of 3,397,977 weekly downloads. As such, is-object popularity was classified as popular.
We found that is-object demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 02 Dec 2020
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Socket uncovers malicious packages on PyPI using Gmail's SMTP protocol for command and control (C2) to exfiltrate data and execute commands.
By Olivia Brown - Apr 30, 2025
Product
A New Overview in our Dashboard
We redesigned Socket's first logged-in page to display rich and insightful visualizations about your repositories protected against supply chain threats.
By André Staltz - Apr 29, 2025