Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
object.assign
Advanced tools
ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim
The object.assign npm package is a polyfill for the Object.assign() method in JavaScript, which is used to copy the values of all enumerable own properties from one or more source objects to a target object. It returns the target object. This package provides a reliable way to use Object.assign() in environments that do not natively support it.
Copying properties
This feature allows you to copy the properties from one or more source objects to a target object. The target object is then returned by the function.
const object = require('object.assign').getPolyfill();
const target = { a: 1 };
const source = { b: 2 };
const returnedTarget = object(target, source);
console.log(target); // Output: { a: 1, b: 2 }
Merging objects
This feature demonstrates how to merge multiple objects into a new object. This is useful for combining properties from several objects into a single object.
const object = require('object.assign').getPolyfill();
const obj1 = { a: 1 };
const obj2 = { b: 2 };
const obj3 = { c: 3 };
const newObj = object({}, obj1, obj2, obj3);
console.log(newObj); // Output: { a: 1, b: 2, c: 3 }
Lodash's _.assign() method performs a similar function to object.assign, allowing you to copy properties from source objects to a target object. Lodash offers more extensive utility functions, making it a more heavyweight option compared to the focused functionality of object.assign.
The extend package is another alternative that can be used to merge the properties of two or more objects together into the first object. It's similar to object.assign but also supports deep copying with an additional argument.
An Object.assign shim. Invoke its "shim" method to shim Object.assign if it is unavailable.
Takes a minimum of 2 arguments: target
and source
.
Takes a variable sized list of source arguments - at least 1, as many as you want.
Throws a TypeError if the target
argument is null
or undefined
.
Most common usage:
var assign = Object.assign || require('object.assign');
// Multiple sources!
var target = { a: true };
var source1 = { b: true };
var source2 = { c: true };
var sourceN = { n: true };
var expected = {
a: true,
b: true,
c: true,
n: true
};
var assign = require('object.assign');
var assert = require('assert');
assign(target, source1, source2, sourceN);
assert.deepEqual(target, expected); // AWESOME!
var assign = require('object.assign');
var assert = require('assert');
var target = {
a: true,
b: true,
c: true
};
var source1 = {
c: false,
d: false
};
var sourceN = {
e: false
};
var assigned = assign(target, source1, sourceN);
assert.equal(target, assigned); // returns the target object
assert.deepEqual(assigned, {
a: true,
b: true,
c: false,
d: false,
e: false
});
var assign = require('object.assign');
var assert = require('assert');
/* when Object.assign is not present */
delete Object.assign;
var shimmedAssign = assign.shim();
assert.equal(shimmedAssign, assign);
var target = {
a: true,
b: true,
c: true
};
var source = {
c: false,
d: false,
e: false
};
var assigned = assign(target, source);
assert.deepEqual(Object.assign(target, source), assign(target, source));
var assign = require('object.assign');
var assert = require('assert');
/* when Object.assign is present */
var shimmedAssign = assign.shim();
assert.equal(shimmedAssign, Object.assign);
var target = {
a: true,
b: true,
c: true
};
var source = {
c: false,
d: false,
e: false
};
assert.deepEqual(Object.assign(target, source), assign(target, source));
Simply clone the repo, npm install
, and run npm test
FAQs
ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim
The npm package object.assign receives a total of 38,859,663 weekly downloads. As such, object.assign popularity was classified as popular.
We found that object.assign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.