![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
lodash.forown
Advanced tools
Package description
The lodash.forown package is a utility function from the Lodash library that iterates over own enumerable string keyed properties of an object and invokes a function for each property. This is useful for object manipulation and iteration tasks.
Iterate over object properties
This feature allows you to iterate over the own enumerable string keyed properties of an object. The provided function is invoked for each property, receiving the value and key as arguments.
const _ = require('lodash.forown');
const object = { 'a': 1, 'b': 2, 'c': 3 };
_.forOwn(object, function(value, key) {
console.log(key, value);
});
Early exit from iteration
This feature allows you to exit the iteration early by returning `false` from the iteratee function. This can be useful when you need to stop processing once a certain condition is met.
const _ = require('lodash.forown');
const object = { 'a': 1, 'b': 2, 'c': 3 };
_.forOwn(object, function(value, key) {
if (key === 'b') {
return false;
}
console.log(key, value);
});
The object-foreach package provides similar functionality to lodash.forown by iterating over the own properties of an object. It is a lightweight alternative but lacks the extensive utility functions provided by Lodash.
The foreachobj package is another alternative that allows iteration over object properties. It is simple and focused solely on iteration, making it a good choice for projects that do not require the full Lodash library.
Readme
The Lo-Dash function _.forOwn
as a Node.js module generated by lodash-cli.
There’s plenty of documentation, unit tests, & benchmarks.
lodash.forown has been tested in at least Node.js 0.6.8-0.10.18.
John-David Dalton |
Blaine Bublitz | Kit Cambridge | Mathias Bynens |
FAQs
Unknown package
We found that lodash.forown demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.