Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
object-path-plus
Advanced tools
object-path-plus
is an object-path compatible library that also
provides the ability to synthesize values from multiple provided paths.
Currently, it only supports the .
delimited path format of object-path
.
npm install object-path-plus
or
yarn add object-path-plus
object-path
usageTo see basic object path usage, see object-path's documentation
Concatenation with object-path-plus
is very simple, just add a +
sign!
You can concatenate resolve values from multiple object-path
s and you can
also concatenate string literals with resolved path values.
const { resolve } = require('object-path-plus');
resolve({ a: { b: 1 }, c: { d: 2 } }, 'a.b + c.d') === 3;
resolve({ a: { b: 'foo' }, c: { d: 'bar' } }, 'a.b + c.d') === 'foobar';
resolve({ a: { b: 1 }, c: { d: 2 } }, 'a.b + " - " + c.d') === '1 - 2';
resolve({ a: { b: 'foo' }, c: { d: 'bar' } }, 'a.b + " " + c.d') === 'foo bar';
resolve({
a: { b: 'foo' },
c: { d: 'bar' },
e: { f: [ 'baz', 'whiz' ] }
}, 'a.b + " " + c.d + " " + e.f.1') === 'foo bar whiz';
resolve({
a: { b: 'foo' },
c: { d: 'bar' },
e: { f: [ 0, 1 ] }
}, 'a.b + " " + c.d + " " + e.f.1') === 'foo bar 1';
You can also use a property to index within an array. Just use the []
syntax.
resolve({
firstkey: {index: 1},
arr: [{key: 1}, {key: 2}]
}, 'arr[firstkey.index].key') === 2
You can also test if a path is valid prior to trying to resolve a value with it.
const { validate } = require('object-path-plus');
validate('a.b') === true;
validate('a.b + c.d') === true;
validate('a.b + hello world') === false;
FAQs
Object path traversal with concatenation
The npm package object-path-plus receives a total of 57 weekly downloads. As such, object-path-plus popularity was classified as not popular.
We found that object-path-plus demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 22 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.