justinlettau / ts-dot-prop Goto Github PK
View Code? Open in Web Editor NEWTypeScript utility to transform nested objects using a dot notation path.
License: MIT License
TypeScript utility to transform nested objects using a dot notation path.
License: MIT License
Issue manifests when you have an object containing an object and additional properties after said nested object.
Would expect all trees properly return with their nested prefixes
const howToBreakIt = {
something: false,
someObject: {
someNestedObject: {
someProperty: 1
},
someBoolean: false
}
};
Expected results are:
['something', 'someObject.someNestedObject.someProperty', 'someObject.someBoolean']
Current version produces:
['something', 'someObject.someNestedObject.someProperty', 'someBoolean']
I have a fix for this that I will PR in as 2.1.1 shortly. The issue is we are resetting the lead
array instead of just popping off the last prefix in the chain.
lead = [];
needs to be
lead.pop();
When trying to get nested values from an array, if the property names contain digits the library fails to resolve the values.
Example:
const obj = [
{
prop1: 'nested1'
},
{
prop1: 'nested2'
}
]
get(obj, "prop1"); // undefined
In the example above:
get(obj, "prop1")// ['nested1', 'nested2']
I believe the solution is to restrict the indexer
RegExp to match only digits rather than a string containing digits.
I will submit a PR for this fix.
When you try to use the sourcemap, module builder gives the following error:
Sourcemap for "/node_modules/ts-dot-prop/dist/index.js" points to missing source files
src/
folder is included in package.
Simply use the package in a module builder with sourcemaps activated.
I will create a pull request.
There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.
Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.
npm install ts-dot-prop
does not produce the latest code
I expect the lead.pop()
fix from the last PR merge to be included in the 2.1.1 npm distribution
mkdir ts-dot-prop-test
cd ts-dot-prop-test
npm i ts-dot-prop
cd node_modules/dist/ts-dot-prop
^ witness in index.js that it still contains lead = []
I have attempted force clearing my npm cache to no avail. Not sure if there's anything else to try
The issue in issue#20 is not completely fixed yet.
I have re-run the POC against the latest version 1.4.1 and the vulnerability triggered again.
Please contact me for the POC if required. Thanks.
When trying to get the property from objects nested within multiple levels of arrays, results in undefined.
Should return nested arrays reflecting the defined path.
const object = {
arr: [
{
content: [
{a: 1, b: 2, c: 3},
{a: 4, b: 5, c: 6}
]
},
{
content: [
{a: 6, b: 7, c: 8},
{a: 9, b: 10, c:11}
]
}
]
}
get(object, 'arr[*].content[*].a') // Expect: [ [ 1, 4 ], [ 6, 9 ] ], Actual: [ undefined, undefined ]
I would like to report a Prototype pollution vulnerability in "ts-dot-prop".
It fails to restrict access to prototypes of objects, allowing for modification of prototype behavior, which may allow obtaining sensitive information/DoS/RCE.
Please contact me for the POC if required. Thanks.
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
@types/jest
, jest
, ts-jest
).github/workflows/ci.yml
actions/checkout v3
codecov/codecov-action v3
package.json
ts-util-is ^2.0.0
@types/jest ^28.1.6
@typescript-eslint/eslint-plugin ^5.30.7
@typescript-eslint/parser ^5.30.7
eslint ^8.20.0
eslint-config-prettier ^8.5.0
jest ^28.1.3
prettier ^2.7.1
pretty-quick ^3.1.3
standard-version ^9.5.0
ts-jest ^28.0.7
ts-node ^10.9.1
typescript ^4.7.4
node ^12.20.0 || ^14.13.1 || >=16.0.0
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.