Research
Security News
Malicious PyPI Package ‘pycord-self’ Targets Discord Developers with Token Theft and Backdoor Exploit
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Get or set a object values from a keypath string. Supports bracket notation, dot notation, and functions
Get or set a object values from a keypath string. Supports bracket notation, dot notation, and functions. Ignores errors for deep-keypaths by default.
Safely handles string expressions - No eval
or new Function
code here!
npm install keypather
dot notation, bracket notation, and functions (even with arguments) all supported:
var keypath = require('keypather')();
var obj = {
foo: {
bar: {
baz: 'val'
}
}
};
keypath.get(obj, "foo.bar.baz"); // val
keypath.get(obj, "['foo']['bar']['baz']"); // val
var keypath = require('keypather')();
var obj = {
foo: function () {
return function () {
return function () {
return 'val';
};
};
}
};
keypath.get(obj, "foo()()()"); // val
var keypath = require('keypather')();
var obj = {
foo: function () {
return {
bar: {
baz: 'val'
}
};
}
};
keypath.get(obj, "foo()['bar'].baz"); // val
functions with arguments
var keypath = require('keypather')();
var obj = {
create: function (data) {
var data = data;
return {
get: function (key) {
return data[key];
}
};
}
};
keypath.get(obj, "create(%).get(%)", [{foo:1, bar:2}], ['foo']); // 1
keypath.get(obj, "create(%).get(%)", {foo:1, bar:2}, 'foo'); // 1, single args are automatically placed in arrays
// technically you can use anything (except dots, parens, brackets, or empty string)
// between the parens of functions that accept args (in place of %)
Get returns null for keypaths that do not exist by default,
but can also throw errors with { force: false }
var keypath = require('keypather')(); // equivalent to { force:true }
var obj = {};
keypath.get(obj, "foo.bar.baz"); // null
var keypath = require('keypather')({ force: false });
var obj = {};
keypath.get(obj, "foo.bar.baz");
// throw's an error
// Error: Cannot get 'foo' of undefined
mixed notation, dot notation, and bracket notation all supported:
var keypath = require('keypather')();
var obj = {
foo: {
bar: {
baz: 'val'
}
}
}
};
keypath.set(obj, "foo['bar'].baz", 'value'); // value
keypath.set(obj, "foo.bar.baz", 'value'); // value
keypath.set(obj, "['foo']['bar']['baz']", 'value'); // value
Set forces creation by default:
var keypath = require('keypather')(); // equivalent to { force:true }
var obj = {};
keypath.set(obj, "foo.bar.baz", 'val'); // value
// obj = {
// foo: {
// bar: {
// baz: 'val'
// }
// }
// };
var keypath = require('keypather')({ force: false });
var obj = {};
keypath.set(obj, "foo.bar.baz", 'val');
// throw's an error
// Error: Cannot get 'foo' of undefined
Equivalent to key in obj
var keypath = require('keypather')();
var obj = {
foo: {
bar: {
baz: 'val'
}
}
}
};
keypath.in(obj, "foo['bar'].baz"); // true
keypath.in(obj, "foo.bar.baz"); // true
keypath.in(obj, "['foo']['bar']['baz']"); // true
// obj:
// {
// foo: {
// bar: {}
// }
// }
Equivalent to obj.hasOwnProperty
var keypath = require('keypather')();
var obj = {
foo: {
bar: {
baz: 'val'
}
}
}
};
keypath.has(obj, "foo['bar'].baz"); // true
keypath.has(obj, "foo.bar.baz"); // true
keypath.has(obj, "['foo']['bar']['baz']"); // true
// obj:
// {
// foo: {
// bar: {}
// }
// }
Equivalent to delete obj.key
var keypath = require('keypather')();
var obj = {
foo: {
bar: {
baz: 'val'
}
}
}
};
keypath.del(obj, "foo['bar'].baz"); // true
keypath.del(obj, "foo.bar.baz"); // true
keypath.del(obj, "['foo']['bar']['baz']"); // true
// obj:
// {
// foo: {
// bar: {}
// }
// }
Flatten an object or array into a keypath object
var keypath = require('keypather')();
keypath.flatten({
foo: {
qux: 'hello'
},
bar: [
1,
{
yolo: [1]
}
]
});
// returns:
// {
// 'foo.qux': 'hello',
// 'bar[0]': 1,
// 'bar[1].yolo[0]': 1
// }
/* accepts a delimiter other than '.' as second arg */
keypath.flatten({
foo: {
qux: 'hello'
}
}, '__');
// returns:
// {
// 'foo__qux': 'hello',
// }
Expand a flattened object back into an object or array
var keypath = require('keypather')();
keypath.expand({
'foo.qux': 'hello',
'bar[0]': 1,
'bar[1].yolo[0]': 1
});
// returns:
// {
// foo: {
// qux: 'hello'
// },
// bar: [
// 1,
// {
// yolo: [1]
// }
// ]
// }
/* expand will assume the object is an array if all the keys are numbers */
keypath.expand({
'[0]': 1,
'[1].yolo[0]': 1
});
// returns:[
// 1,
// {
// yolo: [1]
// }
// ]
/* accepts a delimiter other than '.' as second arg */
keypath.flatten({
foo: {
qux: 'hello'
}
}, '__');
// returns:
// {
// 'foo__qux': 'hello'
// }
FAQs
Get or set a deep value using a keypath string. Supports bracket and dot notation
We found that keypather demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.