
Research
Security News
Lazarus Strikes npm Again with New Wave of Malicious Packages
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
object-path
Advanced tools
The object-path npm package provides utilities for accessing and manipulating deep properties of objects using a string path notation. It simplifies the process of getting, setting, and deleting nested properties in JavaScript objects.
Get a nested property
This feature allows you to retrieve the value of a deeply nested property within an object using a string path.
const objectPath = require('object-path');
const obj = { a: { b: { c: 42 } } };
const value = objectPath.get(obj, 'a.b.c');
console.log(value); // 42
Set a nested property
This feature allows you to set the value of a deeply nested property within an object using a string path.
const objectPath = require('object-path');
const obj = { a: { b: { } } };
objectPath.set(obj, 'a.b.c', 42);
console.log(obj); // { a: { b: { c: 42 } } }
Delete a nested property
This feature allows you to delete a deeply nested property within an object using a string path.
const objectPath = require('object-path');
const obj = { a: { b: { c: 42 } } };
objectPath.del(obj, 'a.b.c');
console.log(obj); // { a: { b: { } } }
Check if a nested property exists
This feature allows you to check if a deeply nested property exists within an object using a string path.
const objectPath = require('object-path');
const obj = { a: { b: { c: 42 } } };
const exists = objectPath.has(obj, 'a.b.c');
console.log(exists); // true
Lodash is a popular utility library that provides a wide range of functions for manipulating arrays, objects, and other data types. It includes methods like _.get, _.set, and _.has for working with nested properties, similar to object-path. However, Lodash offers a broader set of utilities beyond just object manipulation.
Dot-prop is a lightweight package that provides similar functionality to object-path for getting, setting, and deleting nested properties using dot notation. It is simpler and more focused on object property manipulation compared to the more feature-rich Lodash.
Deepdash is an extension of Lodash that adds deep traversal and manipulation capabilities. It provides methods for working with deeply nested properties, similar to object-path, but with additional features for deep operations on arrays and objects.
Access deep properties using a path
get
, set
, and push
by 2x-3xdel
will not delete not-own propertiesnpm install object-path --save
bower install object-path --save
tsd query object-path --action install --save
var obj = {
a: {
b: "d",
c: ["e", "f"],
'\u1200': 'unicode key',
'dot.dot': 'key'
}
};
var objectPath = require("object-path");
//get deep property
objectPath.get(obj, "a.b"); //returns "d"
objectPath.get(obj, ["a", "dot.dot"]); //returns "key"
objectPath.get(obj, 'a.\u1200'); //returns "unicode key"
//get the first non-undefined value
objectPath.coalesce(obj, ['a.z', 'a.d', ['a','b']], 'default');
//empty a given path (but do not delete it) depending on their type,so it retains reference to objects and arrays.
//functions that are not inherited from prototype are set to null.
//object instances are considered objects and just own property names are deleted
objectPath.empty(obj, 'a.b'); // obj.a.b is now ''
objectPath.empty(obj, 'a.c'); // obj.a.c is now []
objectPath.empty(obj, 'a'); // obj.a is now {}
//works also with arrays
objectPath.get(obj, "a.c.1"); //returns "f"
objectPath.get(obj, ["a","c","1"]); //returns "f"
//can return a default value with get
objectPath.get(obj, ["a.c.b"], "DEFAULT"); //returns "DEFAULT", since a.c.b path doesn't exists, if omitted, returns undefined
//set
objectPath.set(obj, "a.h", "m"); // or objectPath.set(obj, ["a","h"], "m");
objectPath.get(obj, "a.h"); //returns "m"
//set will create intermediate object/arrays
objectPath.set(obj, "a.j.0.f", "m");
//will insert values in array
objectPath.insert(obj, "a.c", "m", 1); // obj.a.c = ["e", "m", "f"]
//push into arrays (and create intermediate objects/arrays)
objectPath.push(obj, "a.k", "o");
//ensure a path exists (if it doesn't, set the default value you provide)
objectPath.ensureExists(obj, "a.k.1", "DEFAULT");
var oldVal = objectPath.ensureExists(obj, "a.b", "DEFAULT"); // oldval === "d"
//deletes a path
objectPath.del(obj, "a.b"); // obj.a.b is now undefined
objectPath.del(obj, ["a","c",0]); // obj.a.c is now ['f']
//tests path existence
objectPath.has(obj, "a.b"); // true
objectPath.has(obj, ["a","d"]); // false
//bind object
var model = objectPath({
a: {
b: "d",
c: ["e", "f"]
}
});
//now any method from above is supported directly w/o passing an object
model.get("a.b"); //returns "d"
model.get(["a.c.b"], "DEFAULT"); //returns "DEFAULT"
model.del("a.b"); // obj.a.b is now undefined
model.has("a.b"); // false
object-path
is intentionally designed to access only an object's own properties
If you are looking for an immutable alternative of this library, you can take a look at: object-path-immutable
FAQs
Access deep object properties using a path
The npm package object-path receives a total of 1,505,087 weekly downloads. As such, object-path popularity was classified as popular.
We found that object-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.
Security News
Socket CEO Feross Aboukhadijeh discusses the open web, open source security, and how Socket tackles software supply chain attacks on The Pair Program podcast.
Security News
Opengrep continues building momentum with the alpha release of its Playground tool, demonstrating the project's rapid evolution just two months after its initial launch.