Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
lodash.pickby
Advanced tools
Package description
The lodash.pickby npm package is a method from the Lodash library that creates an object composed of the object properties predicate returns truthy for. The predicate is invoked with two arguments: (value, key).
Filtering object properties based on values
This code uses lodash.pickby to create a new object from the given object by keeping only the properties where the values are numbers.
{"result": _.pickBy({ 'a': 1, 'b': '2', 'c': 3 }, _.isNumber)}
Filtering object properties based on custom predicate
This code demonstrates how to use a custom predicate function to filter object properties, keeping only those where the value is greater than 1.
{"result": _.pickBy({ 'a': 1, 'b': '2', 'c': 3 }, function(value) { return value > 1; })}
The object.pick package is similar to lodash.pickby in that it allows you to create a new object by picking properties from an existing object. However, object.pick does not support predicate functions; it only allows picking based on an array of property names.
Just-pick is another package that provides functionality similar to lodash.pickby, allowing you to pick properties from an object. Like object.pick, it does not support predicate functions and requires an array of property names to determine which properties to include in the new object.
Readme
The lodash method _.pickBy
exported as a Node.js module.
Using npm:
$ {sudo -H} npm i -g npm
$ npm i --save lodash.pickby
In Node.js:
var pickBy = require('lodash.pickby');
See the documentation or package source for more details.
FAQs
The lodash method `_.pickBy` exported as a module.
We found that lodash.pickby demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Security News
Socket CEO Feross Aboukhadijeh joins a16z partners to discuss how modern, sophisticated supply chain attacks require AI-driven defenses and explore the challenges and solutions in leveraging AI for threat detection early in the development life cycle.
Security News
NIST's new AI Risk Management Framework aims to enhance the security and reliability of generative AI systems and address the unique challenges of malicious AI exploits.