Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
object-grep
Advanced tools
A javascript tool for searching text in keys and content inspired by linux grep
A javascript tool for searching inside objects inspired by linux grep. The tool performs deep searches in javascript objects, returning back lists of keys and values for which the search clause will be executed, this is especially useful when debugging. Regular expressions are used under the hood, so you can very flexibly customize your search terms
npm i object-grep
or
yarn add object-grep
targetObject: [object
| array
| function
| string
] - a target object where all keys and property contents
will be recursively checked for matching searchExpr
searchExpr: [string
| regexp
] - expression for checking for compliance
depth limit?: [number
] - the number of levels to check. objectGrep works synchronously, which can cause the
browser to freeze if the object being checked is very large. The default value is 20
const target = {
foo: {
bar: {
baz: {
foo: {
bar: {
baz: 'zab'
}
}
}
}
},
oof: {
rab: {
zab: ['foo', 'bar', 'baz', 'zab', 'rab', 'oof']
}
}
}
objectGrep(target, 'baz') // => {inKeys: {'foo.bar.baz': {foo: {…}}, 'foo.bar.baz.foo.bar.baz': 'zab'}, inValues: {'oof.rab.zab.2': 'baz'}}
// or regexp
objectGrep(target, /b.z/) // => {inKeys: {'foo.bar.baz': {foo: {…}}, 'foo.bar.baz.foo.bar.baz': 'zab'}, inValues: {'oof.rab.zab.2': 'baz'}}
// or with depth limit
objectGrep(target, /b.z/, 4) // => {inKeys: {'foo.bar.baz': {foo: {…} }}, inValues: {'oof.rab.zab.2': 'baz'}}
You can also use a short output format. To do this, call the short()
method on the result. This way you will only see
paths to keys and values with no data stored on those paths
const target = {
foo: {
bar: {
baz: {
foo: {
bar: {
baz: 'zab'
}
}
}
}
},
oof: {
rab: {
zab: ['foo', 'bar', 'baz', 'zab', 'rab', 'oof']
}
}
}
objectGrep(target, 'baz').short() // => {inKeys: ['foo.bar.baz', 'foo.bar.baz.foo.bar.baz'], inValues: ['oof.rab.zab.2']}
// or regexp
objectGrep(target, /b.z/).short() // => {inKeys: ['foo.bar.baz', 'foo.bar.baz.foo.bar.baz'], inValues: ['oof.rab.zab.2']}
// or with depth limit
objectGrep(target, /b.z/, 4).short() // => {inKeys: ['foo.bar.baz'], inValues: ['oof.rab.zab.2']}
It can be added to the object prototype. This way it will be possible to call grep from any object
objectGrep.inject()
const target = {a: {b: {c: 'd'}}}
target.grep('b') // => {inKeys: {a.b: {c: 'd'}}, inValues: {}}
You can set any name for the method if you don't like grep
objectGrep.inject('deepSearch')
const target = {a: {b: {c: 'd'}}}
target.deepSearch('b') // => {inKeys: {a.b: {c: 'd'}}, inValues: {}}
To cancel injection use the revoke method. To cancel injection use the revoke method. Calling revoke will return the object prototype to its original form
objectGrep.inject()
Object.prototype.grep // => ƒ (regex, depth) {...}
objectGrep.revoke()
Object.prototype.grep // => undefined
You can also install a browser extension and use object-grep on any site without any extra effort
FAQs
A javascript tool for searching text in keys and content inspired by linux grep
The npm package object-grep receives a total of 0 weekly downloads. As such, object-grep popularity was classified as not popular.
We found that object-grep demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.