Gathering detailed insights and metrics for realistic-structured-clone
Gathering detailed insights and metrics for realistic-structured-clone
A pure JS implementation of the structured clone algorithm (or at least something pretty close to that).
Installations
npm install realistic-structured-cloneReleases
Unable to fetch releases
Developer
dumbmatter
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
17.7.1
NPM Version
8.5.2
Statistics
25 Stars
58 Commits
8 Forks
6 Watching
3 Branches
4 Contributors
Updated on 29 Apr 2022
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
41,076,359
Last day
-7.8%
58,324
Compared to previous day
Last week
-4.3%
302,361
Compared to previous week
Last month
28.1%
1,321,995
Compared to previous month
Last year
-14%
12,818,811
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
3
Dev Dependencies
6
Versions
Realistic Structured Clone 
You might not need this anymore! A native structuredClone function is available in many recent environments, such as Node v17 and Firefox v94. Check if your target environment has structuredClone built in. If it does, use that.
This is a pure JS implementation of the structured clone algorithm (or at least something pretty close to that).
Why do you want this? Well, you probably don't. If your goal is to just clone a JS object, you're better off with lodash's _.cloneDeep or the popular clone module on npm.
Let's try again... why do you want this? If you are making an implementation of an API that explicitly uses the structured clone algorithm (such as IndexedDB), then you want something that handles quirks and edge cases exactly like the structured clone algorithm. That's what realistic-structured-clone is for. It's not totally there (see below) but it's a decent start.
Use
$ npm install realistic-structured-clone
Then use it:
// First load the module
// (Use Browserify or something if you're targeting the web)
var structuredClone = require('realistic-structured-clone');
// Clone a variable (will throw a DataCloneError for invalid input)
var clonedX = structuredClone(x);
Alternatives
If you look around, you'll notice various modules calling themselves implementations of the structured clone algorithm, such as the structured-clone package on npm. But that package, like all the others I've seen, doesn't actually seem to be an attempt at implementing the structured clone algorithm. It's just some arbitrary type of clone. As I wrote above, this distinction only matters if you really care about the nuances of the structured clone algorithm, which you probably don't.
If you're working in the browser, you can do something like this to do a real structured clone:
function clone(x) {
return new Promise(function (resolve, reject) {
window.addEventListener('message', function(e) {
resolve(e.data);
});
window.postMessage(x, "*");
});
}
var x = {a:[1,2,3], b:{c:1}};
clone(x).then(function(cloned) {
console.log("x: %s", JSON.stringify(x));
console.log("cloned: %s", JSON.stringify(cloned));
console.log("x == cloned %s", x == cloned);
console.log("x === cloned %s", x === cloned);
});
However, that won't help you in Node.js. It's also asynchronous, which could be a problem. realistic-structured-clone is synchronous and works everywhere.
Current State
As of version 2.0, it should be pretty damn close to the spec! However it is now just a light wrapper around the Typeson structured-cloning-throwing preset.
License
Apache 2.0
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
Found 4/26 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/dumbmatter/realistic-structured-clone/tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/dumbmatter/realistic-structured-clone/tests.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
license file not detected
Details
- Warn: project does not have a license file
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 8 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-x9w5-v3q2-3rhw
- Warn: Project is vulnerable to: GHSA-434g-2637-qmqr
- Warn: Project is vulnerable to: GHSA-49q7-c7j4-3p7m
- Warn: Project is vulnerable to: GHSA-977x-g7h5-7qgw
- Warn: Project is vulnerable to: GHSA-f7q4-pwc6-w24p
- Warn: Project is vulnerable to: GHSA-fc9h-whq2-v747
- Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
Score
2.3
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More