Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
- Version published
- Weekly downloads
- 17M
- increased by1.38%
- Maintainers
- 2
- Install size
- 24.2 kB
- Created
- Weekly downloads
Package description
What is rfdc?
The rfdc (Really Fast Deep Clone) npm package is a module that provides a very fast deep cloning function for copying complex data structures in JavaScript. It is optimized for performance and can handle various types of data including objects, arrays, dates, and more.
What are rfdc's main functionalities?
Deep cloning objects
This feature allows you to create a deep clone of an object, meaning that all nested objects and arrays are also recursively cloned.
{"const rfdc = require('rfdc')();
const obj = { a: 1, b: { c: 2 } };
const clone = rfdc(obj);
console.log(clone); // { a: 1, b: { c: 2 } }"}Deep cloning arrays
This feature allows you to create a deep clone of an array, including cloning all nested arrays and objects within it.
{"const rfdc = require('rfdc')();
const arr = [1, [2, 3], [4, 5]];
const clone = rfdc(arr);
console.log(clone); // [1, [2, 3], [4, 5]]"}Customizing clone behavior
This feature allows you to customize the cloning behavior, such as whether to preserve the prototype chain or handle circular references.
{"const rfdc = require('rfdc')({ proto: false, circles: false });
const obj = { a: 1 };
obj.b = obj;
// Throws an error because 'circles: false' does not allow circular references.
const clone = rfdc(obj);"}Other packages similar to rfdc
lodash
Lodash is a popular utility library that includes a deep cloning function (_.cloneDeep). It is more feature-rich than rfdc but may be slower for deep cloning large objects.
clone-deep
Clone-deep is another npm package that provides deep cloning functionality. It offers a similar feature set to rfdc but with different performance characteristics and additional options for cloning.
deep-copy
Deep-copy is a package that also allows for deep cloning of objects and arrays. It compares to rfdc in terms of functionality but may have different performance trade-offs.
Readme
rfdc
Really Fast Deep Clone
Usage
const clone = require('rfdc')()
clone({a: 1, b: {c: 2}}) // => {a: 1, b: {c: 2}}
API
require('rfdc')(opts = { proto: false, circles: false }) => clone(obj) => obj2
proto option
Copy prototype properties as well as own properties into the new object.
It's marginally faster to allow enumerable properties on the prototype to be copied into the cloned object (not onto it's prototype, directly onto the object).
To explain by way of code:
require('rfdc')({ proto: false })(Object.create({a: 1})) // => {}
require('rfdc')({ proto: true })(Object.create({a: 1})) // => {a: 1}
Setting proto to true will provide an additional 2% performance boost.
circles option
Keeping track of circular references will slow down performance with an
additional 25% overhead. Even if an object doesn't have any circular references,
the tracking overhead is the cost. By default if an object with a circular
reference is passed to rfdc, it will throw (similar to how JSON.stringify
would throw).
Use the circles option to detect and preserve circular references in the
object. If performance is important, try removing the circular reference from
the object (set to undefined) and then add it back manually after cloning
instead of using this option.
default import
It is also possible to directly import the clone function with all options set to their default:
const clone = require("rfdc/default")
clone({a: 1, b: {c: 2}}) // => {a: 1, b: {c: 2}}
Types
rfdc clones all JSON types:
ObjectArrayNumberStringnull
With additional support for:
Date(copied)undefined(copied)Buffer(copied)TypedArray(copied)Map(copied)Set(copied)Function(referenced)AsyncFunction(referenced)GeneratorFunction(referenced)arguments(copied to a normal object)
All other types have output values that match the output
of JSON.parse(JSON.stringify(o)).
For instance:
const rfdc = require('rfdc')()
const err = Error()
err.code = 1
JSON.parse(JSON.stringify(e)) // {code: 1}
rfdc(e) // {code: 1}
JSON.parse(JSON.stringify({rx: /foo/})) // {rx: {}}
rfdc({rx: /foo/}) // {rx: {}}
Benchmarks
npm run bench
benchDeepCopy*100: 457.568ms
benchLodashCloneDeep*100: 1230.773ms
benchCloneDeep*100: 655.208ms
benchFastCopy*100: 747.017ms
benchRfdc*100: 281.018ms
benchRfdcProto*100: 277.265ms
benchRfdcCircles*100: 328.148ms
benchRfdcCirclesProto*100: 323.004ms
Tests
npm test
169 passing (342.514ms)
Coverage
npm run cov
----------|----------|----------|----------|----------|-------------------|
File | % Stmts | % Branch | % Funcs | % Lines | Uncovered Line #s |
----------|----------|----------|----------|----------|-------------------|
All files | 100 | 100 | 100 | 100 | |
index.js | 100 | 100 | 100 | 100 | |
----------|----------|----------|----------|----------|-------------------|
License
MIT
FAQs
Really Fast Deep Clone
The npm package rfdc receives a total of 13,478,764 weekly downloads. As such, rfdc popularity was classified as popular.
We found that rfdc demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Last updated on 14 Mar 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024