Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
is-plain
Advanced tools
Changelog
[1.1.0] - 2020-01-01
isPlain
now acts as a type guardReadme
is-plain
Tests if a value is a plain object. That is:
new Object()
Object.create(null)
{}
# using npm
npm install --save is-plain
# using yarn
yarn add is-plain
import isPlain from 'is-plain';
isPlain({ foo: 'bar' });
//=> true
isPlain(Object.create(null));
//=> true
isPlain(new Object());
//=> true
class Foo {}
isPlain(new Foo());
//=> false
isPlain([1, 2, 3]);
//=> false
isPlain(null);
//=> false
isPlain(Promise.resolve());
//=> false
There are already similar libraries available to test if a value is a plain object. Some of these libraries are very widely adopted. To name a few:
So, why need is-plain
when other solutions already exist?
is-plain
is only 140 bytes minzipped.
The following is a size comparison between is-plain
and other popular libraries ranked by their minified size:
While is-plain
is very comparable to is-plain-obj
in both size and logic (is-plain
being smaller by 3 bytes), the size wasn't the the only motive. Most importantly, what I wanted to address is some of the edge cases the other libraries are missing.
The following are some of the cases that causes inconsistent, arguably incorrect, results when one of the other three libraries is used (note that in all of the following cases, is-plain
considers these objects to be plain objects).
// an object without a prototype
const value = Object.create(null);
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
is-plain-obj | true | |
⚠️ | is-plain-object | false |
lodash.isplainobject | true |
// an object with an empty prototype
const value = Object.create({});
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
⚠️ | is-plain-obj | false |
is-plain-object | true | |
⚠️ | lodash.isplainobject | false |
// an object with a prototype whose constructor is Object
const value = Object.create({ constructor: Object });
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
⚠️ | is-plain-obj | false |
is-plain-object | true | |
lodash.isplainobject | true |
// an object literal with own property 'constructor'
const value = {
constructor: Foo,
};
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
is-plain-obj | true | |
⚠️ | is-plain-object | false |
lodash.isplainobject | true |
// an object literal with a '__proto__' property as an object
const value = {
__proto__: {},
};
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
⚠️ | is-plain-obj | false |
is-plain-object | true | |
⚠️ | lodash.isplainobject | false |
// an instance of a prototype whose constructor is Object
function ObjectConstructor() {}
ObjectConstructor.prototype.constructor = Object;
const value = new ObjectConstructor();
is value a plain object? | ||
---|---|---|
is-plain (this package) | true | |
⚠️ | is-plain-obj | false |
is-plain-object | true | |
lodash.isplainobject | true |
MIT
FAQs
Test if a value is a plain object
The npm package is-plain receives a total of 0 weekly downloads. As such, is-plain popularity was classified as not popular.
We found that is-plain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.