Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
just-extend
Advanced tools
The just-extend npm package is a utility library for deep or shallow copying and extending of objects. It allows users to merge properties from source objects into a target object, with the option to perform deep (recursive) merges.
Shallow extend
This feature allows the user to merge properties from one or more source objects into a target object. If the same property exists in both objects, the value from the last object will be used.
{"var extend = require('just-extend');
var obj1 = {a: 3, b: 4};
var obj2 = {b: 5, c: 6};
var result = extend(obj1, obj2);
// result is {a: 3, b: 5, c: 6}"}
Deep extend
This feature allows the user to perform a deep merge, where nested objects are also merged together. This is useful when you want to combine objects with nested structures.
{"var extend = require('just-extend');
var obj1 = {a: {b: 3}};
var obj2 = {a: {c: 4}};
var result = extend(true, obj1, obj2);
// result is {a: {b: 3, c: 4}}"}
Extend with customizer function
This feature allows the user to provide a customizer function that determines how values are merged. The customizer function can be used to specify custom merging behavior for specific properties or types of values.
{"var extend = require('just-extend');
var customizer = function(objValue, srcValue) {
if (Array.isArray(objValue)) {
return objValue.concat(srcValue);
}
};
var obj1 = {a: [1, 2], b: 3};
var obj2 = {a: [3, 4], b: 4};
var result = extend(customizer, obj1, obj2);
// result is {a: [1, 2, 3, 4], b: 4}"}
Lodash's merge function is similar to just-extend's deep extend feature. It allows for deep merging of objects, but lodash is a larger utility library with many additional functions, which might not be needed if only object merging is required.
The object-assign package provides a polyfill for the Object.assign method, which performs a shallow merge of objects. It is similar to just-extend's shallow extend feature but does not support deep merging.
Deepmerge is another package that offers deep merging of objects. It is similar to just-extend's deep extend feature but provides more options for customizing the behavior of the merge, such as array concatenation and overwriting of properties.
Part of a library of zero-dependency npm modules that do just do one thing.
Guilt-free utilities for every occasion.
import extend from 'just-extend';
var obj = {a: 3, b: 5};
extend(obj, {a: 4, c: 8}); // {a: 4, b: 5, c: 8}
obj; // {a: 4, b: 5, c: 8}
var obj = {a: 3, b: 5};
extend({}, obj, {a: 4, c: 8}); // {a: 4, b: 5, c: 8}
obj; // {a: 3, b: 5}
var arr = [1, 2, 3];
var obj = {a: 3, b: 5};
extend(obj, {c: arr}); // {a: 3, b: 5, c: [1, 2, 3]}
arr.push(4);
obj; // {a: 3, b: 5, c: [1, 2, 3, 4]}
var arr = [1, 2, 3];
var obj = {a: 3, b: 5};
extend(true, obj, {c: arr}); // {a: 3, b: 5, c: [1, 2, 3]}
arr.push(4);
obj; // {a: 3, b: 5, c: [1, 2, 3]}
extend({a: 4, b: 5}); // {a: 4, b: 5}
extend({a: 4, b: 5}, 3); {a: 4, b: 5}
extend({a: 4, b: 5}, true); {a: 4, b: 5}
extend('hello', {a: 4, b: 5}); // throws
extend(3, {a: 4, b: 5}); // throws
FAQs
extend an object
The npm package just-extend receives a total of 3,407,918 weekly downloads. As such, just-extend popularity was classified as popular.
We found that just-extend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.