Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
node.extend
Advanced tools
The node.extend package is a simple utility for deep and shallow extending (merging) of objects. It is useful for combining multiple objects into one, copying properties from one object to another, and creating new objects with inherited properties.
Shallow Extend
This feature allows you to perform a shallow merge of multiple objects. In the example, properties from obj2 overwrite those in obj1 where they conflict.
const extend = require('node.extend');
const obj1 = { a: 1, b: 2 };
const obj2 = { b: 3, c: 4 };
const result = extend({}, obj1, obj2);
console.log(result); // { a: 1, b: 3, c: 4 }
Deep Extend
This feature allows you to perform a deep merge of multiple objects. Nested objects are merged recursively. In the example, the nested properties of obj2 overwrite those in obj1 where they conflict.
const extend = require('node.extend');
const obj1 = { a: 1, b: { x: 1, y: 2 } };
const obj2 = { b: { y: 3, z: 4 }, c: 5 };
const result = extend(true, {}, obj1, obj2);
console.log(result); // { a: 1, b: { x: 1, y: 3, z: 4 }, c: 5 }
Clone Object
This feature allows you to create a deep clone of an object. The example demonstrates cloning an object with nested properties.
const extend = require('node.extend');
const obj = { a: 1, b: { x: 1, y: 2 } };
const clone = extend(true, {}, obj);
console.log(clone); // { a: 1, b: { x: 1, y: 2 } }
Lodash is a modern JavaScript utility library delivering modularity, performance, and extras. It provides a wide range of utility functions, including deep and shallow merging of objects. Compared to node.extend, lodash offers a more extensive set of utilities beyond object merging.
The merge package is a simple utility for merging objects. It supports both deep and shallow merging. Compared to node.extend, merge is more focused on object merging and does not provide additional utilities.
Deepmerge is a library for deep merging of JavaScript objects. It is specifically designed for deep merging and handles arrays and objects recursively. Compared to node.extend, deepmerge is more specialized for deep merging scenarios.
A port of jQuery.extend that actually works on node.js
None of the existing ones on npm really work therefore I ported it myself.
To install this module in your current working directory (which should already contain a package.json), run
npm install node.extend
You can additionally just list the module in your package.json and run npm install.
Then, require this package where you need it:
var extend = require('node.extend');
The syntax for merging two objects is as follows:
var destObject = extend({}, sourceObject);
// Where sourceObject is the object whose properties will be copied into another.
// NOTE: In this situation, this is not a deep merge. See below on how to handle a deep merge.
For information about how the clone works internally, view source in lib/extend.js or checkout the doc from jQuery
In order to force a deep merge, when extending an object, you must pass boolean true as the first argument to extend:
var destObject = extend(true, {}, sourceObject);
// Where sourceObject is the object whose properties will be copied into another.
See this article for more information about the need for deep merges in JavaScript.
Copyright 2011, John Resig Dual licensed under the MIT or GPL Version 2 licenses. http://jquery.org/license
FAQs
A port of jQuery.extend that actually works on node.js
The npm package node.extend receives a total of 417,729 weekly downloads. As such, node.extend popularity was classified as popular.
We found that node.extend demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.