Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The nanoclone npm package is a lightweight utility for deep cloning JavaScript objects. It is designed to be simple and efficient, making it a useful tool for copying objects without retaining references to the original objects.
Deep Cloning
This feature allows you to create a deep copy of an object, ensuring that nested objects are also cloned and not just referenced.
const clone = require('nanoclone');
const original = { a: 1, b: { c: 2 } };
const copy = clone(original);
console.log(copy); // { a: 1, b: { c: 2 } }
console.log(copy.b === original.b); // false
Lodash's `cloneDeep` function provides similar functionality for deep cloning objects. It is part of the larger Lodash utility library, which offers a wide range of functions for manipulating and traversing data structures. Compared to nanoclone, lodash.clonedeep is more feature-rich but also larger in size.
The `rfdc` (Really Fast Deep Clone) package is another alternative for deep cloning objects. It is designed to be extremely fast and efficient, making it a good choice for performance-critical applications. Like nanoclone, it focuses solely on deep cloning, but it is optimized for speed.
The `clone-deep` package is another utility for deep cloning objects. It supports cloning of various data types, including arrays, buffers, and more. It is more versatile than nanoclone but also slightly larger in size.
Only 145B to deep clone JavaScript objects
See comparison with the most popular clone npm package with 236M downloads
yarn add nanoclone
npm install nanoclone
import clone from 'nanoclone'
let a = {
num: 2,
arr: [1, 2, 3]
nested: {
obj: {
a: 0
}
}
}
let b = clone(a)
MIT
FAQs
300B to deep clone JavaScript objects
The npm package nanoclone receives a total of 2,507,503 weekly downloads. As such, nanoclone popularity was classified as popular.
We found that nanoclone demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.