Security News
AI Agent Lands PRs in Major OSS Projects, Targets Maintainers via Cold Outreach
An AI agent is merging PRs into major OSS projects and cold-emailing maintainers to drum up more work.
By Sarah Gooding - Feb 14, 2026
Latest Threat Research:Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise.Details →
shake-tree
Shake the tastiest fruits from your deep object tree
Why?
This module is used by the Electron team to help internationalize our documentation. We parse all of our API docs into a structured format that looks a bit like this:
{
name: 'BrowserWindow',
description: 'Create and control browser windows.',
process: {
main: true,
renderer: false
},
type: 'Class',
instanceName: 'win',
slug: 'browser-window',
websiteUrl: 'http://electron.atom.io/docs/api/browser-window',
repoUrl: 'https://github.com/electron/electron/blob/v1.4.0/docs/api/browser-window.md',
staticMethods: [...],
instanceMethods: [...],
instanceProperties: [...],
instanceEvents: [...]
}
Some parts of this structured data (like method names and arguments) needs to stay in English, whereas other parts of it (like descriptions) need to extracted for translation into other languages.
That's where shake-tree comes in. It gives us a way to extract just
the content we need from this deep object.
Installation
With npm:
npm install shake-tree --save
With Yarn:
yarn add shake-tree
Usage
const shakeTree = require('.')
// Given some arbitrarily-shaped object tree:
const input = {
a: 'just a string',
b: {
description: 'this is b description'
},
c: {
title: 'this is c title',
description: 'this is c description',
descriptionExtended: 'this is the extended description'
}
}
// You can pull out just the values you want by key:
const output = shakeTree(input, 'description')
console.log(output)
// { b: { description: 'this is b description' },
// c: { description: 'this is c description' } }
// You can also specify multiple keys to match:
shakeTree(input, ['description', 'title'])
Tests
npm install
npm test
Dependencies
- flat: Take a nested Javascript object and flatten it, or unflatten an object with delimited keys
- lodash.set: The lodash method
_.setexported as a module.
Dev Dependencies
- chai: BDD/TDD assertion library for node.js and the browser. Test framework agnostic.
- electron-api-docs: Electron's API documentation in a structured JSON format
- mocha: simple, flexible, fun test framework
- standard: JavaScript Standard Style
- standard-markdown: Test your Markdown files for Standard JavaScript Style™
License
MIT
FAQs
Shake the tastiest fruits from your deep object tree
We found that shake-tree demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 19 May 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Malicious Chrome Extension Steals Meta Business Manager Exports and TOTP 2FA Seeds
Chrome extension CL Suite by @CLMasters neutralizes 2FA for Facebook and Meta Business accounts while exfiltrating Business Manager contact and analytics data.
By Kirill Boychenko - Feb 13, 2026
Security News
AI Agent Submits PR to Matplotlib, Publishes Angry Blog Post After Rejection
After Matplotlib rejected an AI-written PR, the agent fired back with a blog post, igniting debate over AI contributions and maintainer burden.
By Sarah Gooding - Feb 12, 2026