
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Deprecated. Utilities for ES3, most of which have been adopted or superseded in ES5.1. Adapted from Douglas Crockford's Remedial JavaScript
Adaptation of Douglas Crockford's remedial.js
with a thin wrap for SSJS
This works in both the Browser and SSJS.
npm install remedial
require('remedial');
typeOf
is taken from jQuery.type
, which is more accurate than Crockford's original and even simpler
than the "Flanagan / Miller device".
There is a more specific typeof() implementation also worthy of consideration.
Since JavaScript is a loosely-typed language, it is sometimes necessary to examine a value to determine its type. (This is sometimes necessary in strongly typed languages as well.) JavaScript provides a typeof operator to facilitate this, but typeof has problems.
typeof typeOf
Object 'object' 'object'
Array 'object' 'array'
Function 'function' 'function'
String 'string' 'string'
Number 'number' 'number'
Boolean 'boolean' 'boolean'
null 'object' 'null'
undefined 'undefined' 'undefined'
typeof [] produces 'object' instead of 'array'. That isn't totally wrong since arrays in JavaScript inherit from objects, but it isn't very useful. typeof null produces 'object' instead of 'null'. That is totally wrong.
We can correct this by defining our own typeOf function, which we can use in place of the defective typeof operator.
isEmpty(v) returns true if v is an object containing no enumerable members.
JavaScript provides some useful methods for strings, but leaves out some important ones. Fortunately, JavaScript allows us to add new methods to the basic types.
entityify() produces a string in which '<', '>', and '&' are replaced with their HTML entity equivalents. This is essential for placing arbitrary strings into HTML texts. So,
"if (a < b && b > c) {".entityify()
produces
"if (a < b && b > c) {"
quote() produces a quoted string. This method returns a string that is like the original string except that it is wrapped in quotes and all quote and backslash characters are preceded with backslash.
supplant() does variable substitution on the string. It scans through the string looking for expressions enclosed in { } braces. If an expression is found, use it as a key on the object, and if the key has a string value or number value, it is substituted for the bracket expression and it repeats. This is useful for automatically fixing URLs. So
param = {domain: 'valvion.com', media: 'http://media.valvion.com/'}; url = "{media}logo.gif".supplant(param);
produces a url containing "http://media.valvion.com/logo.gif".
The trim() method removes whitespace characters from the beginning and end of the string.
FAQs
Deprecated. Utilities for ES3, most of which have been adopted or superseded in ES5.1. Adapted from Douglas Crockford's Remedial JavaScript
The npm package remedial receives a total of 2,374,462 weekly downloads. As such, remedial popularity was classified as popular.
We found that remedial demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.