Security News
Crates.io Implements Trusted Publishing Support
Crates.io adds Trusted Publishing support, enabling secure GitHub Actions-based crate releases without long-lived API tokens.
By Sarah Gooding - Jul 16, 2025
You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
tassign
This is a simple wrapper for fixed-arity, subset-typed, non-mutating Object.assign.
Why?
This came about when writing Redux reducers in TypeScript. Since reducers must not
mutate the passed in state, a common pattern is to 'set' store properties using Object.assign():
interface IMyState {
foo: Number;
}
function myReducer(state: IMyState, action: Action) {
switch(action.type) {
case SET_FOO_ACTION:
return Object.assign({}, state, { foo: 3 });
}
return state;
}
This works well enough. Object.assign to an empty object produces a new object with the new value
of foo. However I wasn't happy with it from a type-enforcement perspective.
The reason is that for a reducer use case, I would like to enforce that the reducer can only set known
properties of IMyState.
Using the regular, intersection-based Object.assign typings, this is perfectly legal:
interface IMyState {
foo: Number;
}
function myReducer(state: IMyState, action: Action) {
switch(action.type) {
case SET_FOO_ACTION:
// No TS error - I would like there to be.
return Object.assign({}, state, { foo: 3, bar: 'wat' });
}
return state;
}
Formally, Object.assign(t:T, u:U) returns a type which is the intersection of T & U, meaning that properties
can be added onto the assignee. This is reasonable in the general case for Object.assign, but it's not what
I want in a reducer.
In a reducer, I want assign(t:T, u:U) to enforce a subset rule: the return value should be an instance of T, and only
subsets of T's type are legal values for U. In short I want to make sure you can only assign members of U to the
object returned by the reducer.
So, here's a utility that handles the typings the way I want in a reducer:
interface IMyState {
foo: Number;
}
function myReducer(state: IMyState, action: Action) {
switch(action.type) {
case SET_FOO_ACTION:
// Returns a new object with the type of the first argument.
// Type of the second argument must be a subset of the type of the first argument.
// Fails: bar is not a member of IMyState.
return tassign(state, { foo: 3, bar: 'wat' });
}
return state;
}
FAQs
Fixed-arity, subset-typed, non-mutating Object.assign.
The npm package tassign receives a total of 1,423 weekly downloads. As such, tassign popularity was classified as popular.
We found that tassign demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 07 Nov 2016
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Tracking Protestware Spread: 28 npm Packages Affected by Payload Targeting Russian-Language Users
Undocumented protestware found in 28 npm packages disrupts UI for Russian-language users visiting Russian and Belarusian domains.
By Olivia Brown - Jul 15, 2025
Research
/Security News
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader
North Korean threat actors deploy 67 malicious npm packages using the newly discovered XORIndex malware loader.
By Kirill Boychenko - Jul 14, 2025