Research
Two Malicious Rust Crates Impersonate Popular Logger to Steal Wallet Keys
Socket uncovers malicious Rust crates impersonating fast_log to steal Solana and Ethereum wallet keys from source code.
By Kirill Boychenko - Sep 24, 2025
json-merge-patch
Advanced tools
What is json-merge-patch?
The json-merge-patch npm package allows you to apply RFC 7396 JSON Merge Patch operations to JSON documents. This is useful for updating JSON objects by merging changes rather than replacing entire objects.
What are json-merge-patch's main functionalities?
Merging JSON Objects
This feature allows you to merge two JSON objects. The `apply` method takes a target object and a patch object, and returns a new object that is the result of applying the patch to the target.
const jsonMergePatch = require('json-merge-patch');
const target = { a: 1, b: 2 };
const patch = { b: 3, c: 4 };
const result = jsonMergePatch.apply(target, patch);
console.log(result); // { a: 1, b: 3, c: 4 }Removing Properties
This feature allows you to remove properties from a JSON object by setting their values to `null` in the patch object. The `apply` method will remove the property from the target object.
const jsonMergePatch = require('json-merge-patch');
const target = { a: 1, b: 2, c: 3 };
const patch = { b: null };
const result = jsonMergePatch.apply(target, patch);
console.log(result); // { a: 1, c: 3 }Nested Merging
This feature allows you to merge nested JSON objects. The `apply` method will recursively merge nested objects, updating only the specified properties.
const jsonMergePatch = require('json-merge-patch');
const target = { a: { b: 1, c: 2 } };
const patch = { a: { c: 3, d: 4 } };
const result = jsonMergePatch.apply(target, patch);
console.log(result); // { a: { b: 1, c: 3, d: 4 } }Other packages similar to json-merge-patch
deepmerge
The deepmerge package allows you to merge JavaScript objects recursively, which is similar to json-merge-patch. However, deepmerge does not follow the RFC 7396 standard and offers more flexibility in merging strategies.
lodash.merge
The lodash.merge function from the lodash library provides deep merging of objects. It is more versatile and widely used compared to json-merge-patch, but it does not specifically implement the JSON Merge Patch standard.
json-patch
The json-patch package implements the JSON Patch (RFC 6902) standard, which is more complex and powerful than JSON Merge Patch. It allows for a wider range of operations, including adding, removing, and replacing elements in JSON documents.
JSON Merge Patch
An implementation of the JSON Merge Patch RFC 7396
JSON Merge Patch (RFC 7396) is a standard format that allows you to update a JSON document by sending the changes rather than the whole document. JSON Merge Patch plays well with the HTTP PATCH verb (method) and REST style programming.
Install
Install the current version (and save it as a dependency):
npm
$ npm install json-merge-patch --save
Usage
Applying patches:
jsonmergepatch.apply(obj: Object, patch: Object) : Object
Applies patch onto source obj.
Example:
var source = {
"title": "Goodbye!",
"author" : {
"givenName" : "John",
"familyName" : "Doe"
}
};
var patch = {
"title": 'Hello!',
"author": {
"familyName": null
}
}
var target = jsonmergepatch.apply(source, patch);
// target = {
// "title": "Hello!",
// "author" : {
// "givenName" : "John",
// }
// }
Generating patches:
jsonmergepatch.generate(source: Object, target: Object) : Object
Compares source and target object and generates a patch of the changes necessary to convert source into target.
Example:
var source = {
"title": "Goodbye!",
"author" : "John Doe"
};
var target = {
"title": "Hello!",
};
var patch = jsonmergepatch.generate(source, target);
// patch = {
// "title": 'Hello!',
// "author": null
// }
Merging patches
This function is outside the scope of the RFC, its purpose is to combine/squash successive patches of the same entity into one patch. Use it at your own risks.
Usage with Javascript objects
This library is primarily designed to work with JSON.
Nonetheless, it is possible to use Javascript objects if the method toJSON() is implemented, the library will then serialize your object using it.
var patch = jsonmergepatch.generate(
{
"title": "Goodbye!"
},
{
toJSON: () {
return {
"title": "I am serialized"
}
},
}
);
// patch = {
// "title": "I am serialized",
// }
var patch = jsonmergepatch.generate(
{},
{
date: new Date("2020-05-09T00:00:00.000")
}
);
// patch = {
// date: "2020-05-09T00:00:00.000"
// }
Running tests
npm test
License
MIT
FAQs
Implementation of JSON Merge Patch (RFC 7396)
We found that json-merge-patch demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 21 Jul 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025