Skip to content
Permalink
Browse files Browse the repository at this point in the history
1.0.1
+ Prototype Pollution fix
+ dependencies are up to date
  • Loading branch information
strikeentco committed Oct 29, 2020
1 parent 2e246ec commit 102cc6b
Show file tree
Hide file tree
Showing 7 changed files with 2,839 additions and 3,951 deletions.
4 changes: 2 additions & 2 deletions .travis.yml
@@ -1,7 +1,7 @@
language: node_js
node_js:
- "8"
- "6"
- "12"
- "10"
before_script:
- curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
- chmod +x ./cc-test-reporter
Expand Down
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,6 +1,6 @@
The MIT License (MIT)

Copyright (c) 2018 Alexey Bystrov
Copyright (c) 2018-present Alexey Bystrov

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
Expand Down
6 changes: 3 additions & 3 deletions README.md
@@ -1,8 +1,8 @@
set [![License](https://img.shields.io/npm/l/@strikeentco/set.svg)](https://github.com/strikeentco/set/blob/master/LICENSE) [![npm](https://img.shields.io/npm/v/@strikeentco/set.svg)](https://www.npmjs.com/package/@strikeentco/set)
==========
[![Build Status](https://travis-ci.org/strikeentco/set.svg)](https://travis-ci.org/strikeentco/set) [![node](https://img.shields.io/node/v/@strikeentco/set.svg)](https://www.npmjs.com/package/@strikeentco/set) [![Test Coverage](https://api.codeclimate.com/v1/badges/450e530044d31f690dc5/test_coverage)](https://codeclimate.com/github/strikeentco/set/test_coverage) [![bitHound Score](https://www.bithound.io/github/strikeentco/set/badges/score.svg)](https://www.bithound.io/github/strikeentco/set)
[![Build Status](https://travis-ci.org/strikeentco/set.svg)](https://travis-ci.org/strikeentco/set) [![node](https://img.shields.io/node/v/@strikeentco/set.svg)](https://www.npmjs.com/package/@strikeentco/set) [![Test Coverage](https://api.codeclimate.com/v1/badges/450e530044d31f690dc5/test_coverage)](https://codeclimate.com/github/strikeentco/set/test_coverage)

One of the smallest (*24 sloc*) and most effective implementations of setting a nested value on an object.
One of the smallest (*31 sloc*) and most effective implementations of setting a nested value on an object.

# Usage

Expand Down Expand Up @@ -41,4 +41,4 @@ set({ a: { b: 'c' } }, 'a:b', 'd', ':');
## License

The MIT License (MIT)<br/>
Copyright (c) 2018 Alexey Bystrov
Copyright (c) 2018-present Alexey Bystrov
19 changes: 18 additions & 1 deletion main.js
@@ -1,22 +1,39 @@
'use strict';

const isObject = val => typeof val === 'object' || typeof val === 'function';
/* eslint-disable no-continue */

const isObject = (val) => typeof val === 'object' || typeof val === 'function';
const isProto = (val, obj) => val === '__proto__' || (val === 'constructor' && typeof obj.constructor === 'function');
const set = (obj, parts, length, val) => {
let tmp = obj;
let i = 0;
for (; i < length - 1; i++) {
const part = parts[i];
if (isProto(part, tmp)) {
continue;
}
tmp = !isObject(tmp[part]) ? tmp[part] = {} : tmp[part];
}
tmp[parts[i]] = val;
return obj;
};

/**
* Sets nested values on an object using a dot path or custom separator
* @param {Object} obj
* @param {String|Array} path
* @param {Any} val
* @param {String} [sep = '.']
* @returns {Object}
*/
module.exports = (obj, path, val, sep = '.') => {
if (!isObject(obj) || !path || !path.length) {
return obj;
}
const parts = Array.isArray(path) ? path : String(path).split(sep);
if (isProto(parts[0], obj)) {
return obj;
}
const { length } = parts;
if (length === 1) {
obj[parts[0]] = val;
Expand Down

1 comment on commit 102cc6b

@abergmann
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CVE-2020-28267 was assigned to this commit.

Please sign in to comment.