Gathering detailed insights and metrics for doc-path
Gathering detailed insights and metrics for doc-path
Installations
npm install doc-pathDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=16
Node Version
20.15.0
NPM Version
10.7.0
Score
99.7
Supply Chain
100
Quality
77
Maintenance
100
Vulnerability
100
License
Releases
18
Languages
2
TypeScript
JavaScript
TypeScript (93.91%)
JavaScript (6.09%)
Developer
mrodrig
Download Statistics
Total Downloads
46,652,411
Last Day
30,404
Last Week
540,587
Last Month
2,276,397
Last Year
22,121,469
GitHub Statistics
4 Stars
115 Commits
2 Forks
1 Watchers
1 Branches
2 Contributors
Updated on Jul 13, 2024
Bundle Size
1.74 kB
Minified
780.00 B
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
4.1.2
Package Id
doc-path@4.1.2
Unpacked Size
11.82 kB
Size
3.82 kB
File Count
4
NPM Version
10.7.0
Node Version
20.15.0
Published on
Jul 13, 2024
Total Downloads
Cumulative downloads
Total Downloads
46,652,411
Last Day
9%
30,404
Compared to previous day
Last Week
-8.7%
540,587
Compared to previous week
Last Month
13.9%
2,276,397
Compared to previous month
Last Year
127.1%
22,121,469
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
A Document Path Library for Node
This module will take paths in documents which can include nested paths specified by '.'s and can evaluate the path to a value, or can set the value at that path depending on the function called.
Installation
1$ npm install doc-path
Usage
1let path = require('doc-path');
API
path.evaluatePath(document, key)
document-Object- A JSON document that will be iterated over.key-String- A path to the existing key whose value will be returned.- Note: If your key has a dot in it (eg.
a.b) then be sure to escape the dot with a blackslash (eg.a\\.b).
- Note: If your key has a dot in it (eg.
If the key does not exist, undefined is returned.
If the object's structure is extremely deep, then an error may be thrown if the maximum call stack size is exceeded while traversing the object.
path.evaluatePath Example:
1const path = require('doc-path'); 2 3let document = { 4 Make: 'Nissan', 5 Model: 'Murano', 6 Year: '2013', 7 Specifications: { 8 Mileage: '7106', 9 Trim: 'S AWD' 10 }, 11 Features: [ 12 { 13 feature: 'A/C', 14 packages: [ 15 {name: 'Base'}, 16 {name: 'Premium'} 17 ] 18 }, 19 { 20 feature: 'Radio', 21 packages: [ 22 {name: 'Convenience'}, 23 {name: 'Premium'} 24 ] 25 } 26 ] 27}; 28 29console.log(path.evaluatePath(document, 'Make')); 30// => 'Nissan' 31 32console.log(path.evaluatePath(document, 'Specifications.Mileage')); 33// => '7106' 34 35console.log(path.evaluatePath(document, 'Features.feature')); 36// => [ 'A/C', 'Radio' ] 37 38console.log(path.evaluatePath(document, 'Features.packages.name')); 39// => [ ['Base', 'Premium'], ['Convenience', 'Premium'] ]
path.setPath(document, key, value)
document-Object- A JSON document that will be iterated over.key-String- A path to the existing key whose value will be set.- Note: If your key has a dot in it (eg.
a.b) then be sure to escape the dot with a blackslash (eg.a\\.b).
- Note: If your key has a dot in it (eg.
value-*- The value that will be set at the given key.
If the key does not exist, then the object will be built up to have that path. If no document is provided, an error will be thrown. If the object's structure is extremely deep, then an error may be thrown if the maximum call stack size is exceeded while traversing the object.
path.setPath Example:
1const path = require('doc-path'); 2 3let document = { 4 Make: 'Nissan', 5 Features: [ 6 { feature: 'A/C' } 7 ] 8}; 9 10console.log(path.setPath(document, 'Color.Interior', 'Tan')); 11/* 12 { 13 Make: 'Nissan', 14 Features: [ 15 { feature: 'A/C' } 16 ] 17 Color: { 18 Interior: 'Tan' 19 } 20 } 21*/ 22 23console.log(path.setPath(document, 'StockNumber', '34567')); 24/* 25 { 26 Make: 'Nissan', 27 Features: [ 28 { feature: 'A/C' } 29 ] 30 Color: { 31 Interior: 'Tan' 32 }, 33 StockNumber: '34567' 34 } 35*/ 36 37console.log(path.setPath(document, 'Features.cost', '$0 (Standard)')); 38 /* 39 { 40 Make: 'Nissan', 41 Features: [ 42 { 43 feature: 'A/C', 44 cost: '$0 (Standard)' 45 } 46 ] 47 Color: { 48 Interior: 'Tan' 49 }, 50 StockNumber: '34567' 51 } 52 */
Tests
1$ npm test
Note: This requires mocha, should, async, and underscore.
To see test coverage, please run:
1$ npm run coverage
Current Coverage is:
Statements : 100% ( 33/33 )
Branches : 100% ( 24/24 )
Functions : 100% ( 3/3 )
Lines : 100% ( 29/29 )
Features
- Supports keys with escaped
.characters (as of v3.0.0) - Supports nested paths
- Including keys of objects inside arrays! (as of v2.0.0)
- Same common path specification as other programs such as MongoDB
Critical
9.8/10
Summary
Prototype Pollution in doc-path
Affected Versions
< 2.1.2
Patched Versions
2.1.2
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
6 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-76p7-773f-r4q5
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/automated-tests-workflow.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mrodrig/doc-path/automated-tests-workflow.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/automated-tests-workflow.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/mrodrig/doc-path/automated-tests-workflow.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/automated-tests-workflow.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/mrodrig/doc-path/automated-tests-workflow.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/automated-tests-workflow.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/mrodrig/doc-path/automated-tests-workflow.yml/main?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 0/10 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/automated-tests-workflow.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 26 are checked with a SAST tool
Score
3
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More