Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
nested-equal
Advanced tools
A tiny (~239B) and super fast deep/nested equality utility.
Takes 2 values and returns a boolean indicating if they are equal or not by traversing recursively.
Supports Objects
, Arrays
, Numbers
, Strings
, null
, undefined
, NaN
, Functions
. Other types like Map
, Set
, Date
and others use reference equality instead of value equality.
Key order within objects does not matter while value order within arrays does matter.
$ npm install nested-equal
import { nestedEqual } from "nested-equal";
nestedEqual({},{}); // true
nestedEqual({a:1},{a:1}); // true
nestedEqual([1,2],[1,3]); // false
nestedEqual(NaN,NaN); // true
nestedEqual([1,2,3],[1,2,3]); // true
nestedEqual([
{a:'value',b:'value'},
{a:'value',b:'value'},
],[
{a:'value',b:'value'},
{a:'value',b:'value'},
]) // true
nestedEqual(5,'5'); // false
nestedEqual(null,null); // true
nestedEqual(null,undefined); // false
Claiming a library is fast without looking into the data structure is naive at best, since the data structure largely impacts performance as no algorithm can handle all the different data structures. Hence a couple of benchmarks were made with some different data structures to compare it to other popular libararies.
Benchmark 1
lodash.isequal x 66,593 ops/sec ±0.43% (92 runs sampled)
deep-equal x 772 ops/sec ±4.45% (43 runs sampled)
nested-equal x 458,818 ops/sec ±0.40% (91 runs sampled)
dequal x 431,045 ops/sec ±0.23% (95 runs sampled)
nano-equal x 284,753 ops/sec ±0.37% (89 runs sampled)
Benchmark 2
lodash.isequal x 853,636 ops/sec ±0.67% (91 runs sampled)
deep-equal x 2,172 ops/sec ±1.83% (75 runs sampled)
nested-equal x 6,034,107 ops/sec ±0.72% (93 runs sampled)
dequal x 5,302,918 ops/sec ±0.70% (95 runs sampled)
nano-equal x 3,542,214 ops/sec ±0.24% (93 runs sampled)
Benchmark 3
lodash.isequal x 14,347,632 ops/sec ±0.89% (91 runs sampled)
deep-equal x 4,502 ops/sec ±1.76% (72 runs sampled)
nested-equal x 21,252,686 ops/sec ±0.31% (93 runs sampled)
dequal x 21,489,939 ops/sec ±0.32% (94 runs sampled)
nano-equal x 28,915,716 ops/sec ±0.49% (94 runs sampled)
Benchmark 4
lodash.isequal x 63,600 ops/sec ±1.16% (64 runs sampled)
deep-equal x 1,420 ops/sec ±0.64% (88 runs sampled)
nested-equal x 2,909,724 ops/sec ±0.22% (91 runs sampled)
dequal x 4,138,053 ops/sec ±0.25% (94 runs sampled)
nano-equal x 1,662,534 ops/sec ±2.92% (90 runs sampled)
Benchmark 5
lodash.isequal x 70,076 ops/sec ±0.93% (90 runs sampled)
deep-equal x 2,113 ops/sec ±0.54% (88 runs sampled)
nested-equal x 7,432,844 ops/sec ±0.22% (93 runs sampled)
dequal x 7,161,662 ops/sec ±0.61% (94 runs sampled)
nano-equal x 4,496,048 ops/sec ±0.59% (94 runs sampled)
Running on Node.js v12.13.0, 64-bit OS, Intel(R) Core(TM) i5-6600K CPU @ 3.50GHz, 16.0 GB RAM
Returns: Boolean
Returns true or false indicating if the two values are equal or not.
FAQs
A tiny (~200B) and fast nested/deep equality utility
The npm package nested-equal receives a total of 21 weekly downloads. As such, nested-equal popularity was classified as not popular.
We found that nested-equal demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.