Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Lodash is a JavaScript library that provides utility functions for common programming tasks using a functional programming paradigm. It includes functions for manipulating and traversing arrays, objects, and strings, as well as utilities for functions, language, math, number, object, sequence, and utility methods.
Array Manipulation
Lodash provides a rich set of array manipulation functions such as map, filter, find, and sort. The code sample demonstrates sorting an array in ascending order using a custom comparator.
[3, 2, 1].sort(_.compareWith(function(a, b) { return a - b; }))
Object Manipulation
Lodash allows for easy manipulation and traversal of objects. The code sample shows how to assign properties from source objects to a destination object.
_.assign({ 'a': 1 }, { 'b': 2 }, { 'c': 3 })
String Manipulation
Lodash includes functions to manipulate strings, such as converting to different cases, trimming, padding, etc. The code sample demonstrates converting a string to kebab-case.
_.kebabCase('Foo Bar')
Function Utilities
Lodash provides function utilities like debounce and throttle to control function invocation. The code sample shows a debounced function that will only be invoked after 250 milliseconds have passed without it being called again.
_.debounce(function() { console.log('Debounced'); }, 250)
Language Utilities
Lodash includes utilities for deep cloning, merging, and comparing objects. The code sample demonstrates deep cloning an object to ensure nested objects are cloned as well.
_.cloneDeep({ 'a': 1, 'b': { 'c': 2 } })
Underscore is a utility library with similar functionality to Lodash, offering a range of functions for manipulating arrays, objects, and functions. It is generally considered to be the predecessor to Lodash, which provides a superset of Underscore's features with additional performance optimizations.
Ramda is a functional programming library that emphasizes a more functional and composable approach compared to Lodash. It provides similar utilities but focuses on immutability and side-effect free functions, which can lead to a different programming style.
Immutable.js offers a different take on data manipulation by providing persistent immutable data structures. Unlike Lodash, which works with standard JavaScript objects and arrays, Immutable.js uses its own data structures, which can lead to better performance and easier reasoning about state changes in certain applications.
The modern build of lodash exported as Node.js/io.js modules.
Generated using lodash-cli:
$ lodash modularize modern exports=node -o ./
$ lodash modern -d -o ./index.js
Using npm:
$ {sudo -H} npm i -g npm
$ npm i --save lodash
In Node.js/io.js:
// load the modern build
var _ = require('lodash');
// or a method category
var array = require('lodash/array');
// or a method (works great with browserify/webpack to create smaller builds)
var chunk = require('lodash/array/chunk');
See the package source for more details.
Note:
Don’t assign values to the special variable _
when in the REPL.
Install n_ for a REPL that includes lodash by default.
lodash is also available in a variety of other builds & module formats.
Date
& RegExp
objects_.compose
)Object
objectsTested in Chrome 39-40, Firefox 34-35, IE 6-11, Opera 26-27, Safari 5-8, io.js 1.3.0, Node.js 0.8.28, 0.10.36, & 0.12.0, PhantomJS 1.9.8, RingoJS 0.11, & Rhino 1.7RC5.
Automated browser & CI test runs are available. Special thanks to Sauce Labs for providing automated browser testing.
FAQs
Lodash modular utilities.
The npm package lodash receives a total of 42,215,083 weekly downloads. As such, lodash popularity was classified as popular.
We found that lodash demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.