dset
dset copied to clipboard
lukeed
A tiny (194B) utility for safely writing deep Object values~!
Includes type definitions to handle deep merging of nested objects and overwriting arrays. The types ensure that primitive values from the second argument (U) overwrite those in the first (T),...
Identifiers [pkg:npm/[email protected]](https://ossindex.sonatype.org/component/pkg:npm/[email protected]?utm_source=dependency-check&utm_medium=integration&utm_content=8.2.1) (Confidence:Highest) [cpe:2.3:a:dset_project:dset:3.1.3:*:*:*:*:*:*:*](https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Adset_project&cpe_product=cpe%3A%2F%3Adset_project%3Adset&cpe_version=cpe%3A%2F%3Adset_project%3Adset%3A3.1.3) (Confidence:Highest) Published Vulnerabilities [CVE-2022-25645](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25645) All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by...
Bumps [set-value](https://github.com/jonschlinkert/set-value) from 3.0.2 to 3.0.3. Commits 170ceff 3.0.3 09c4b10 back port patch for 4.0.1 See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Given following code: ```js const host = { arr: ['hello'] } const { dset } = require('dset/merge') dset(host, 'arr', ['world']) // or const host = { arr: ['hello'] } const...
`dset` mutates the source object but doesn't return it. If the object was returned, we would get these advantages: - would simplify the case of immutability: instead of having to...
This test currently fails: ```js objects(`should ${verb} null values`, () => { let { input } = prepare({ hello: null }); dset(input, ['hello', 'a'], 123); assert.equal(input, { hello: { a:...
This test currently fails: ```js objects(`should ${verb} empty string property`, () => { let { input } = prepare({}); dset(input, ["hello", ""], 123); assert.equal(input, { hello: { "": 123 },...
👋 I believe I have discovered a bug in this library based on [GraphiQL](https://github.com/graphql/graphiql/blob/main/packages/graphiql/src/components/GraphiQL.tsx#L1396) usage of the library. If given: ```js import { dset } from "dset/merge" let input =...
I noticed that there is a weird bug when using `dset` with `mobx`: ``` dset(data, "a.b.c", 1) ``` If `data` is an mobx observable (a deep and proxied one), `dset`...
Any particular reason `3.1.4` is on npm but there's no discrete release here for it?
