Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
just-extend
Advanced tools
The just-extend npm package is a utility library for deep or shallow copying and extending of objects. It allows users to merge properties from source objects into a target object, with the option to perform deep (recursive) merges.
Shallow extend
This feature allows the user to merge properties from one or more source objects into a target object. If the same property exists in both objects, the value from the last object will be used.
{"var extend = require('just-extend');
var obj1 = {a: 3, b: 4};
var obj2 = {b: 5, c: 6};
var result = extend(obj1, obj2);
// result is {a: 3, b: 5, c: 6}"}
Deep extend
This feature allows the user to perform a deep merge, where nested objects are also merged together. This is useful when you want to combine objects with nested structures.
{"var extend = require('just-extend');
var obj1 = {a: {b: 3}};
var obj2 = {a: {c: 4}};
var result = extend(true, obj1, obj2);
// result is {a: {b: 3, c: 4}}"}
Extend with customizer function
This feature allows the user to provide a customizer function that determines how values are merged. The customizer function can be used to specify custom merging behavior for specific properties or types of values.
{"var extend = require('just-extend');
var customizer = function(objValue, srcValue) {
if (Array.isArray(objValue)) {
return objValue.concat(srcValue);
}
};
var obj1 = {a: [1, 2], b: 3};
var obj2 = {a: [3, 4], b: 4};
var result = extend(customizer, obj1, obj2);
// result is {a: [1, 2, 3, 4], b: 4}"}
Lodash's merge function is similar to just-extend's deep extend feature. It allows for deep merging of objects, but lodash is a larger utility library with many additional functions, which might not be needed if only object merging is required.
The object-assign package provides a polyfill for the Object.assign method, which performs a shallow merge of objects. It is similar to just-extend's shallow extend feature but does not support deep merging.
Deepmerge is another package that offers deep merging of objects. It is similar to just-extend's deep extend feature but provides more options for customizing the behavior of the merge, such as array concatenation and overwriting of properties.
Part of a library of zero-dependency npm modules that do just do one thing. Guilt-free utilities for every occasion.
npm install just-extend
yarn add just-extend
Extend an object
import extend from 'just-extend';
var obj = {a: 3, b: 5};
extend(obj, {a: 4, c: 8}); // {a: 4, b: 5, c: 8}
obj; // {a: 4, b: 5, c: 8}
var obj = {a: 3, b: 5};
extend({}, obj, {a: 4, c: 8}); // {a: 4, b: 5, c: 8}
obj; // {a: 3, b: 5}
var arr = [1, 2, 3];
var obj = {a: 3, b: 5};
extend(obj, {c: arr}); // {a: 3, b: 5, c: [1, 2, 3]}
arr.push(4);
obj; // {a: 3, b: 5, c: [1, 2, 3, 4]}
var arr = [1, 2, 3];
var obj = {a: 3, b: 5};
extend(true, obj, {c: arr}); // {a: 3, b: 5, c: [1, 2, 3]}
arr.push(4);
obj; // {a: 3, b: 5, c: [1, 2, 3]}
extend({a: 4, b: 5}); // {a: 4, b: 5}
extend({a: 4, b: 5}, 3); {a: 4, b: 5}
extend({a: 4, b: 5}, true); {a: 4, b: 5}
extend('hello', {a: 4, b: 5}); // throws
extend(3, {a: 4, b: 5}); // throws
FAQs
extend an object
The npm package just-extend receives a total of 4,117,346 weekly downloads. As such, just-extend popularity was classified as popular.
We found that just-extend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.