extend(true, [], [{a:{b:[c:{d:1}],}]) doesn't work - it does nothing

When var frozenObj = extend({}, sourceObj); is selected for a delayed write (file/mysql/mongodb), changes to sourceObj reflect on the new and anonymous object {} and are mistakenly written too. I thought the first object was supposed to be extended with copied properties, not with references.

Hey, In your README.md file it states that it's

MIT or GPL Version 2

However in the LICENSE.md file it says that it's:

MIT and GPL2

So which is true? The "OR" version or the "AND" one?

Could you change the "LICENSE.md" file to have the "OR" instead of "AND" because I guess this was the intention?

I am a little confused about the licensing. The link to the jQuery license makes no mention of the GPL: https://jquery.org/license/

What exactly does the dual licensing entail? Could this project be effectively treated as MIT?

Deep copy is broken.

The fix is simple enough:

(1) hasOwn (line 16)

This does not get called, unless you pass 'true' as the first parameter. To fix it, I've commented out the existing 'hasOwn' and called 'hasOwnProperty', instead:

return key === undefined || obj.hasOwnProperty(key);// hasOwn.call( obj, key );

(2) extend

The error says, "extend does not exist." Again, this only gets called recursively when "true" is passed as the first argument.
To fix it, just call the main function "extend", then assign module.exports afterward:

a) function extend () {
var options, name, src, copy, copyIsArray, clone,
    target = arguments[0] || {},
   ...

then, at the end of the file:

module.exports = extend;

Hey there!

I belong to an open source security research community, and a member (@ranjit-git) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

Hi,

Under what license do you distribute node.extend ?

MIT or GNU GPL ?

with markdown format

Hello,

We are using https://cloud.aquasec.com/platform/ tool to scan vulnerabilities in our product which is built on MERN stack. node.extend is used as dependency in one of our app and the tool is showing below critical dependency

https://nvd.nist.gov/vuln/detail/CVE-2018-16491

Because of this we are facing hard time with our customers and they are insisting us to fix all the critical vulnerabilities in the product.

Can you please help us to solve this issue?

Regards,
Hiren

Hi, shouldn't it also support multiple Object Literal as arguments?