Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
object.assign
Advanced tools
ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim
The object.assign npm package is a polyfill for the Object.assign() method in JavaScript, which is used to copy the values of all enumerable own properties from one or more source objects to a target object. It returns the target object. This package provides a reliable way to use Object.assign() in environments that do not natively support it.
Copying properties
This feature allows you to copy the properties from one or more source objects to a target object. The target object is then returned by the function.
const object = require('object.assign').getPolyfill();
const target = { a: 1 };
const source = { b: 2 };
const returnedTarget = object(target, source);
console.log(target); // Output: { a: 1, b: 2 }
Merging objects
This feature demonstrates how to merge multiple objects into a new object. This is useful for combining properties from several objects into a single object.
const object = require('object.assign').getPolyfill();
const obj1 = { a: 1 };
const obj2 = { b: 2 };
const obj3 = { c: 3 };
const newObj = object({}, obj1, obj2, obj3);
console.log(newObj); // Output: { a: 1, b: 2, c: 3 }
Lodash's _.assign() method performs a similar function to object.assign, allowing you to copy properties from source objects to a target object. Lodash offers more extensive utility functions, making it a more heavyweight option compared to the focused functionality of object.assign.
The extend package is another alternative that can be used to merge the properties of two or more objects together into the first object. It's similar to object.assign but also supports deep copying with an additional argument.
An Object.assign shim. Invoke its "shim" method to shim Object.assign if it is unavailable.
This package implements the es-shim API interface. It works in an ES3-supported environment and complies with the spec. In an ES6 environment, it will also work properly with Symbol
s.
Takes a minimum of 2 arguments: target
and source
.
Takes a variable sized list of source arguments - at least 1, as many as you want.
Throws a TypeError if the target
argument is null
or undefined
.
Most common usage:
var assign = require('object.assign').getPolyfill(); // returns native method if compliant
/* or */
var assign = require('object.assign/polyfill')(); // returns native method if compliant
var assert = require('assert');
// Multiple sources!
var target = { a: true };
var source1 = { b: true };
var source2 = { c: true };
var sourceN = { n: true };
var expected = {
a: true,
b: true,
c: true,
n: true
};
assign(target, source1, source2, sourceN);
assert.deepEqual(target, expected); // AWESOME!
var target = {
a: true,
b: true,
c: true
};
var source1 = {
c: false,
d: false
};
var sourceN = {
e: false
};
var assigned = assign(target, source1, sourceN);
assert.equal(target, assigned); // returns the target object
assert.deepEqual(assigned, {
a: true,
b: true,
c: false,
d: false,
e: false
});
/* when Object.assign is not present */
delete Object.assign;
var shimmedAssign = require('object.assign').shim();
/* or */
var shimmedAssign = require('object.assign/shim')();
assert.equal(shimmedAssign, assign);
var target = {
a: true,
b: true,
c: true
};
var source = {
c: false,
d: false,
e: false
};
var assigned = assign(target, source);
assert.deepEqual(Object.assign(target, source), assign(target, source));
/* when Object.assign is present */
var shimmedAssign = require('object.assign').shim();
assert.equal(shimmedAssign, Object.assign);
var target = {
a: true,
b: true,
c: true
};
var source = {
c: false,
d: false,
e: false
};
assert.deepEqual(Object.assign(target, source), assign(target, source));
Simply clone the repo, npm install
, and run npm test
FAQs
ES6 spec-compliant Object.assign shim. From https://github.com/es-shims/es6-shim
The npm package object.assign receives a total of 30,136,075 weekly downloads. As such, object.assign popularity was classified as popular.
We found that object.assign demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.