Gathering detailed insights and metrics for @d-fischer/klona
Gathering detailed insights and metrics for @d-fischer/klona
A tiny (366B) and fast utility to "deep clone" Objects, Arrays, Dates, RegExps, and more!
Installations
npm install @d-fischer/klonaDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>= 8
Node Version
14.0.0
NPM Version
6.14.4
Releases
Unable to fetch releases
Languages
1
JavaScript
JavaScript (100%)
Developer
d-fischer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
48 Commits
1 Watchers
2 Branches
1 Contributors
Updated on Apr 30, 2020
Maintainers
1
Package Meta Information
Latest Version
1.1.5
Package Id
@d-fischer/klona@1.1.5
Size
3.50 kB
NPM Version
6.14.4
Node Version
14.0.0
Published on
Apr 30, 2020
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
A tiny (366B) and fast utility to "deep clone" Objects, Arrays, Dates, RegExps, and more!
Features
- Super tiny and performant
- Deep clone / recursive copies
- Safely handles complex data types
Array, Date, Map, Object, RegExp, Set, TypedArray
Unlike a "shallow copy" (eg, Object.assign), a "deep clone" recursively traverses a source input and copies its values — instead of references to its values — into a new instance of that input. The result is a structurally equivalent clone that operates independently of the original source and controls its own values.
Additionally, this module is delivered as:
- ES Module:
dist/klona.mjs - CommonJS:
dist/klona.js - UMD:
dist/klona.min.js
Why "klona"? It's "clone" in Swedish.
What's with the sheep? Dolly.
Install
$ npm install --save klona
Usage
1import klona from 'klona'; 2 3const input = { 4 foo: 1, 5 bar: { 6 baz: 2, 7 bat: { 8 hello: 'world' 9 } 10 } 11}; 12 13const output = klona(input); 14 15// exact copy of original 16assert.deepStrictEqual(input, output); 17 18// applying deep updates... 19output.bar.bat.hola = 'mundo'; 20output.bar.baz = 99; 21 22// ...doesn't affect source! 23console.log( 24 JSON.stringify(input, null, 2) 25); 26// { 27// "foo": 1, 28// "bar": { 29// "baz": 2, 30// "bat": { 31// "hello": "world" 32// } 33// } 34// }
API
klona(input)
Returns: typeof input
Returns a deep copy/clone of the input.
Benchmarks
via Node.js v10.13.0
Validation:
✘ JSON.stringify (FAILED @ "initial copy")
✘ fast-clone (FAILED @ "initial copy")
✔ lodash
✔ clone-deep
✘ deep-copy (FAILED @ "initial copy")
✔ depcopy
✔ klona
Benchmark:
JSON.stringify x 37,803 ops/sec ±0.68% (89 runs sampled)
fast-clone x 24,210 ops/sec ±0.81% (91 runs sampled)
lodash x 40,563 ops/sec ±1.10% (94 runs sampled)
clone-deep x 85,020 ops/sec ±0.17% (95 runs sampled)
deep-copy x 116,139 ops/sec ±0.29% (96 runs sampled)
depcopy x 24,392 ops/sec ±0.71% (96 runs sampled)
klona x 274,496 ops/sec ±0.15% (99 runs sampled)
Related
- dlv – safely read from deep properties in 120 bytes
- dset – safely write into deep properties in 160 bytes
- dequal – safely check for deep equality in 247 bytes
License
MIT © Luke Edwards
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/d-fischer/klona/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/d-fischer/klona/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:24
- Warn: downloadThenRun not pinned by hash: .github/workflows/ci.yml:33
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 downloadThenRun dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
no SAST tool detected
Details
- Warn: no pull requests merged into dev branch
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Score
3.4
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More