Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
object-scan
Advanced tools
Find keys in object hierarchies using wildcard and glob matching and callbacks.
Find keys in object hierarchies using wildcard and regex matching and callbacks.
Install with npm:
$ npm install --save object-scan
const objectScan = require('object-scan');
const haystack = { a: { b: { c: 'd' }, e: { f: 'g' } } };
objectScan(['a.*.f'], { joined: true })(haystack);
// => [ 'a.e.f' ]
Matching is based on the property accessor syntax with some notable extensions.
Rectangular brackets for array path matching.
Examples:
['[2]']
(exact in array) const haystack = [0, 1, 2, 3, 4];
objectScan(['[2]'], { joined: true })(haystack);
// => [ '[2]' ]
['[2]']
(no match in object) const haystack = { 0: 'a', 1: 'b', 2: 'c' };
objectScan(['[2]'], { joined: true })(haystack);
// => []
Property name for object property matching.
Examples:
['foo']
(exact in object) const haystack = { foo: 0, bar: 1 };
objectScan(['foo'], { joined: true })(haystack);
// => [ 'foo' ]
['1']
(no match in array) const haystack = [0, 1, 2, 3, 4];
objectScan(['1'], { joined: true })(haystack);
// => []
The following characters have special meaning when not escaped:
*
: Match zero or more character+
: Match one or more character?
: Match exactly one character\
: Escape the subsequent characterWildcards can be used with Array and Object selector.
Examples:
['*']
(top level) const haystack = { a: { b: 0, c: 1 }, d: 2 };
objectScan(['*'], { joined: true })(haystack);
// => [ 'd', 'a' ]
['[?5]']
(two digit ending in five) const haystack = [...Array(30).keys()];
objectScan(['[?5]'], { joined: true })(haystack);
// => [ '[25]', '[15]' ]
['a.+.c']
(nested) const haystack = { a: { b: { c: 0 }, d: { f: 0 } } };
objectScan(['a.+.c'], { joined: true })(haystack);
// => [ 'a.b.c' ]
['a.\\+.c']
(escaped) const haystack = { a: { b: { c: 0 }, '+': { c: 0 } } };
objectScan(['a.\\+.c'], { joined: true })(haystack);
// => [ 'a.\\+.c' ]
Regex are defined by using parentheses.
Can be used with Array and Object selector.
Examples:
['(^foo)']
(starting with `foo`) const haystack = { foo: 0, foobar: 1, bar: 2 };
objectScan(['(^foo)'], { joined: true })(haystack);
// => [ 'foobar', 'foo' ]
['[(5)]']
(containing `5`) const haystack = [...Array(20).keys()];
objectScan(['[(5)]'], { joined: true })(haystack);
// => [ '[15]', '[5]' ]
['[(^[01]$)]']
(`[0]` and `[1]`) const haystack = ['a', 'b', 'c', 'd'];
objectScan(['[(^[01]$)]'], { joined: true })(haystack);
// => [ '[1]', '[0]' ]
['[(^[^01]$)]']
(other than `[0]` and `[1]`) const haystack = ['a', 'b', 'c', 'd'];
objectScan(['[(^[^01]$)]'], { joined: true })(haystack);
// => [ '[3]', '[2]' ]
['[*]', '[!(^[01]$)]']
(match all and exclude `[0]` and `[1]`) const haystack = ['a', 'b', 'c', 'd'];
objectScan(['[*]', '[!(^[01]$)]'], { joined: true })(haystack);
// => [ '[3]', '[2]' ]
There are two types of arbitrary depth matching:
**
: Matches zero or more nestings++
: Matches one or more nestingsRecursions can be combined with a regex by appending the regex.
Examples:
['a.**']
(zero or more nestings under `a`) const haystack = { a: { b: 0, c: 0 } };
objectScan(['a.**'], { joined: true })(haystack);
// => [ 'a.c', 'a.b', 'a' ]
['a.++']
(one or more nestings under `a`) const haystack = { a: { b: 0, c: 0 } };
objectScan(['a.++'], { joined: true })(haystack);
// => [ 'a.c', 'a.b' ]
['**(1)']
(all containing `1`) const haystack = { 0: { 1: ['a', 'b'] }, 1: { 1: ['c', 'd'] } };
objectScan(['**(1)'], { joined: true })(haystack);
// => [ '1.1[1]', '1.1', '1' ]
Or Clauses are defined by using curley brackets.
Can be used with Array and Object selector.
Examples:
['[{0,1}]']
(`[0]` and `[1]`) const haystack = ['a', 'b', 'c', 'd'];
objectScan(['[{0,1}]'], { joined: true })(haystack);
// => [ '[1]', '[0]' ]
['{a,d}.{b,f}']
(`a.b`, `a.f`, `d.b` and `d.f`) const haystack = { a: { b: 0, c: 1 }, d: { e: 2, f: 3 } };
objectScan(['{a,d}.{b,f}'], { joined: true })(haystack);
// => [ 'd.f', 'a.b' ]
To exclude a path, use exclamation mark.
Examples:
['{a,b},!a']
(only `b`) const haystack = { a: 0, b: 1 };
objectScan(['{a,b},!a'], {
joined: true,
strict: false
})(haystack);
// => [ 'b' ]
['**,!**.a']
(all except ending in `a`) const haystack = { a: 0, b: { a: 1, c: 2 } };
objectScan(['**,!**.a'], { joined: true })(haystack);
// => [ 'b.c', 'b' ]
The following characters are considered special and need to
be escaped using \
, if they should be matched in a key:
[
, ]
, {
, }
, (
, )
, ,
, .
, !
, ?
, *
, +
and \
.
Examples:
['\\[1\\]']
(special object key) const haystack = { '[1]': 0 };
objectScan(['\\[1\\]'], { joined: true })(haystack);
// => [ '\\[1\\]' ]
Signature of all callbacks is
Fn({
key, value, parent, parents, isMatch, matchedBy, excludedBy, traversedBy, isCircular
getKey, getValue, getParent, getParents, getIsMatch, getMatchedBy, getExcludedBy, getTraversedBy, getIsCircular
context
})
where:
key
: key that callback is invoked for (respects joined
option).value
: value for key.parent
: current parent.parents
: array of form [parent, grandparent, ...]
.isMatch
: true iff last targeting needle exists and is non-excluding.matchedBy
: all non-excluding needles targeting key.excludedBy
: all excluding needles targeting key.traversedBy
: all needles involved in traversing key.isCircular
: true iff value
contained in parents
getKey
: function that returns key
getValue
: function that returns value
getParent
: function that returns parent
getParents
: function that returns parents
getIsMatch
: function that returns isMatch
getMatchedBy
: function that returns matchedBy
getExcludedBy
: function that returns excludedBy
getTraversedBy
: function that returns traversedBy
getIsCircular
: function that returns isCircular
context
: as passed into the searchNotes on Performance:
if (isMatch) { getParents() ... }
.Type: function
Default: undefined
If defined, this callback is invoked for every match. If false
is returned, the current key is excluded from the result.
The return value of this callback has no effect when a search context is provided.
Can be used to do processing as matching keys are traversed.
Invoked in same order as matches would appear in result.
This method is conceptually similar to Array.filter().
Examples:
['**']
(filter function) const haystack = { a: 0, b: 'bar' };
objectScan(['**'], {
joined: true,
filterFn: ({ value }) => typeof value === 'string'
})(haystack);
// => [ 'b' ]
Type: function
Default: undefined
If defined, this callback is invoked for every key that is traversed by
the search. If true
is returned, all keys nested under the current key are
skipped in the search and from the final result.
Note that breakFn
is invoked before the corresponding filterFn
might be invoked.
Examples:
['**']
(break function) const haystack = { a: { b: { c: 0 }, d: { e: 1 }, f: 2 } };
objectScan(['**'], {
joined: true,
breakFn: ({ key }) => key === 'a.b'
})(haystack);
// => [ 'a.f', 'a.d.e', 'a.d', 'a.b', 'a' ]
Type: boolean
Default: false
Keys are returned as a string when set to true
instead of as a list.
Setting this option to true
will negatively impact performance.
Note that _.get and _.set fully support lists.
Examples:
['[*]']
(joined) const haystack = [0, 1, 2];
objectScan(['[*]'], { joined: true })(haystack);
// => [ '[2]', '[1]', '[0]' ]
['[*]']
(not joined) const haystack = [0, 1, 2];
objectScan(['[*]'])(haystack);
// => [ [ 2 ], [ 1 ], [ 0 ] ]
Type: boolean
Default: true
When set to false
, no array selectors should be used in any needles and arrays are automatically traversed.
Note that the results still include the array selectors.
Examples:
['a', 'b.d']
(automatic array traversal) const haystack = [{ a: 0 }, { b: [{ c: 1 }, { d: 2 }] }];
objectScan(['a', 'b.d'], {
joined: true,
useArraySelector: false
})(haystack);
// => [ '[1].b[1].d', '[0].a' ]
['']
(top level array matching) const haystack = [{ a: 0 }, { b: 1 }];
objectScan([''], {
joined: true,
useArraySelector: false
})(haystack);
// => [ '[1]', '[0]' ]
Type: boolean
Default: true
When set to true
, errors are thrown when:
Examples:
['a.b', 'a.b']
(identical) const haystack = [];
objectScan(['a.b', 'a.b'], { joined: true })(haystack);
// => 'Error: Redundant Needle Target: "a.b" vs "a.b"'
['a.{b,b}']
(identical, same needle) const haystack = [];
objectScan(['a.{b,b}'], { joined: true })(haystack);
// => 'Error: Redundant Needle Target: "a.{b,b}" vs "a.{b,b}"'
['a.b', 'a.**']
(invalidates previous) const haystack = [];
objectScan(['a.b', 'a.**'], { joined: true })(haystack);
// => 'Error: Needle Target Invalidated: "a.b" by "a.**"'
['**.!**']
(consecutive recursion) const haystack = [];
objectScan(['**.!**'], { joined: true })(haystack);
// => 'Error: Redundant Recursion: "**.!**"'
A context can be passed into a search invocation as a second parameter. It is available in all callbacks and can be used to manage state across a search invocation without having to recompile the search.
By default all matched keys are returned from a search invocation. However, when it is not undefined, the context is returned instead.
Examples:
['**']
(last segments only) const haystack = { a: { b: { c: 0, d: 1 }, e: 2 } };
objectScan(['**'], {
filterFn: ({ key, context }) => { context.push(key[key.length - 1]); }
})(haystack, []);
// => [ 'e', 'd', 'c', 'b', 'a' ]
More extensive examples can be found in the tests.
['a.*.f']
(nested) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['a.*.f'], { joined: true })(haystack);
// => [ 'a.e.f' ]
['*.*.*']
(multiple nested) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['*.*.*'], { joined: true })(haystack);
// => [ 'a.e.f', 'a.b.c' ]
['a.*.{c,f}']
(or filter) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['a.*.{c,f}'], { joined: true })(haystack);
// => [ 'a.e.f', 'a.b.c' ]
['a.*.{c,f}']
(or filter, not joined) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['a.*.{c,f}'])(haystack);
// => [ [ 'a', 'e', 'f' ], [ 'a', 'b', 'c' ] ]
['*.*[*]']
(list filter) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['*.*[*]'], { joined: true })(haystack);
// => [ 'a.h[1]', 'a.h[0]' ]
['*[*]']
(list filter, unmatched) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['*[*]'], { joined: true })(haystack);
// => []
['**']
(star recursion) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['**'], { joined: true })(haystack);
// => [ 'k', 'a.h[1]', 'a.h[0]', 'a.h', 'a.e.f', 'a.e', 'a.b.c', 'a.b', 'a' ]
['++.++']
(plus recursion) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['++.++'], { joined: true })(haystack);
// => [ 'a.h[1]', 'a.h[0]', 'a.h', 'a.e.f', 'a.e', 'a.b.c', 'a.b' ]
['**.f']
(star recursion ending in f) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['**.f'], { joined: true })(haystack);
// => [ 'a.e.f' ]
['**[*]']
(star recursion ending in array) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['**[*]'], { joined: true })(haystack);
// => [ 'a.h[1]', 'a.h[0]' ]
['a.*,!a.e']
(exclusion filter) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['a.*,!a.e'], { joined: true })(haystack);
// => [ 'a.h', 'a.b' ]
['**.(^[bc]$)']
(regex matching) const haystack = { a: { b: { c: 'd' }, e: { f: 'g' }, h: ['i', 'j'] }, k: 'l' };
objectScan(['**.(^[bc]$)'], { joined: true })(haystack);
// => [ 'a.b.c', 'a.b' ]
The top level object(s) are matched by the empty needle ""
.
Useful for matching objects nested in arrays by setting useArraySelector
to false
.
Note that the empty string does not work with _.get and _.set.
Conceptually this package works as follows:
During initialization the needles are parsed and built into a search tree. Various information is pre-computed and stored for every node. Finally the search function is returned.
When the search function is invoked, the input is traversed simultaneously with the relevant nodes of the search tree. Processing multiple search tree branches in parallel allows for a single traversal of the input.
Having a separate initialization stage allows for a performant search and significant speed ups when applying the same search to different input.
FAQs
Traverse object hierarchies using matching and callbacks.
The npm package object-scan receives a total of 28,521 weekly downloads. As such, object-scan popularity was classified as popular.
We found that object-scan demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.