![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
object.hasown
Advanced tools
Package description
The object.hasown npm package is a polyfill for the `Object.hasOwn` method, which is a standardized way of checking if an object has a property as its own (not inherited from its prototype chain). This package provides a reliable way to perform this check across different JavaScript environments, including those that do not support the `Object.hasOwn` method natively.
Checking for own property
This feature allows you to check if an object has a specific property as its own. The code sample demonstrates checking for the existence of properties 'a' and 'b' on an object.
const hasOwn = require('object.hasown');
const object = { a: 1 };
const hasA = hasOwn(object, 'a'); // true
const hasB = hasOwn(object, 'b'); // false
The 'has' package is a similar function that checks for the existence of a property in an object. It is similar to object.hasown but does not specifically check for own properties, meaning it could return true for inherited properties as well.
Lodash's 'has' function is part of the larger lodash utility library. It checks if `path` is a direct property of `object`. While similar, lodash's implementation allows checking deep paths, not just top-level properties, which is not a feature of object.hasown.
Changelog
v1.1.4 - 2024-03-22
28440a5
579b54d
es-abstract
f7f9aa1
call-bind
, npmignore
, tape
8a2f213
es-object-atoms
instead of es-abstract
f0efe3b
call-bind
, tape
683b500
define-properties
, es-abstract
f74ecf2
engines.node
7ca6eeb
es-abstract
d5aa232
aud
26fa7f9
Readme
An ES spec-compliant Object.hasOwn
shim. Invoke its "shim" method to shim Object.hasOwn
if it is unavailable or noncompliant.
This package implements the es-shim API interface. It works in an ES3-supported environment and complies with the spec.
Most common usage:
var assert = require('assert');
var hasOwn = require('object.hasown');
var obj = { a: 1, b: 2 };
assert(hasOwn(obj, 'a'));
assert(hasOwn(obj, 'b'));
assert('toString' in obj && !hasOwn(obj, 'toString'));
if (!Object.hasOwn) {
hasOwn.shim();
}
assert.deepEqual(Object.hasOwn(obj, 'a'), hasOwn(obj, 'a'));
Simply clone the repo, npm install
, and run npm test
FAQs
Unknown package
The npm package object.hasown receives a total of 12,124,942 weekly downloads. As such, object.hasown popularity was classified as popular.
We found that object.hasown demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.