Gathering detailed insights and metrics for extend
Gathering detailed insights and metrics for extend
Installations
npm install extendReleases
Unable to fetch releases
Developer
justmoon
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
10.7.0
NPM Version
6.1.0
Statistics
341 Stars
193 Commits
68 Forks
15 Watching
1 Branches
13 Contributors
Updated on 09 Apr 2024
Bundle Size
1.25 kB
Minified
647.00 B
Minified + Gzipped
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
7,175,127,562
Last day
-1.1%
6,479,807
Compared to previous day
Last week
5%
36,102,794
Compared to previous week
Last month
22.1%
139,501,963
Compared to previous month
Last year
6.2%
1,375,574,672
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
5
Versions
extend() for Node.js 
node-extend is a port of the classic extend() method from jQuery. It behaves as you expect. It is simple, tried and true.
Notes:
- Since Node.js >= 4,
Object.assignnow offers the same functionality natively (but without the "deep copy" option). See ECMAScript 2015 (ES6) in Node.js. - Some native implementations of
Object.assignin both Node.js and many browsers (since NPM modules are for the browser too) may not be fully spec-compliant. Checkobject.assignmodule for a compliant candidate.
Installation
This package is available on npm as: extend
1npm install extend
Usage
Syntax: extend ( [deep], target, object1, [objectN] )
Extend one object with one or more others, returning the modified object.
Example:
1var extend = require('extend'); 2extend(targetObject, object1, object2);
Keep in mind that the target object will be modified, and will be returned from extend().
If a boolean true is specified as the first argument, extend performs a deep copy, recursively copying any objects it finds. Otherwise, the copy will share structure with the original object(s).
Undefined properties are not copied. However, properties inherited from the object's prototype will be copied over.
Warning: passing false as the first argument is not supported.
Arguments
deepBoolean (optional) If set, the merge becomes recursive (i.e. deep copy).targetObject The object to extend.object1Object The object that will be merged into the first.objectNObject (Optional) More objects to merge into the first.
License
node-extend is licensed under the MIT License.
Acknowledgements
All credit to the jQuery authors for perfecting this amazing utility.
Ported to Node.js by Stefan Thomas with contributions by Jonathan Buchanan and Jordan Harband.
Stable Version
The latest stable version of the package.
Stable Version
3.0.2
MODERATE
2
MODERATE
0/10
Summary
Prototype Pollution in extend
Affected Versions
< 2.0.2
Patched Versions
2.0.2
MODERATE
0/10
Summary
Prototype Pollution in extend
Affected Versions
>= 3.0.0, < 3.0.2
Patched Versions
3.0.2
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
security policy file detected
Details
- Info: security policy file detected: .github/SECURITY.md:1
- Info: Found linked content: .github/SECURITY.md:1
- Warn: One or no descriptive hints of disclosure, vulnerability, and/or timelines in security policy
- Info: Found text in security policy: .github/SECURITY.md:1
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/30 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/rebase.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/justmoon/node-extend/rebase.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/rebase.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/justmoon/node-extend/rebase.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/require-allow-edits.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/justmoon/node-extend/require-allow-edits.yml/main?enable=pin
- Info: 0 out of 1 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node-aught.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-pretest.yml:1
- Warn: no topLevel permission defined: .github/workflows/node-tens.yml:1
- Warn: no topLevel permission defined: .github/workflows/rebase.yml:1
- Warn: no topLevel permission defined: .github/workflows/require-allow-edits.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 3 are checked with a SAST tool
Score
4
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More