{"id":11106,"library":"is","title":"JavaScript Type Testing Utility","description":"The `is` library is a lightweight, comprehensive JavaScript utility designed for type and value testing. It provides a rich API to determine the type or specific characteristics of a variable, offering functions like `is.string()`, `is.array()`, `is.empty()`, `is.equal()`, and many more for common JavaScript types and states. Currently stable at version 3.3.2, the package maintains a steady but not rapid release cadence, primarily focusing on bug fixes and dependency updates. Its key differentiator is the extensive, declarative API that simplifies complex type checks, often replacing verbose `typeof` or `instanceof` chains, making code more readable and robust. It's widely used in both Node.js and browser environments for input validation, conditional logic, and defensive programming.","status":"maintenance","version":"3.3.2","language":"javascript","source_language":"en","source_url":"git://github.com/enricomarino/is","tags":["javascript","util","type","test"],"install":[{"cmd":"npm install is","lang":"bash","label":"npm"},{"cmd":"yarn add is","lang":"bash","label":"yarn"},{"cmd":"pnpm add is","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The library primarily exposes its utilities via a default export (a single object named 'is'). While older Node.js versions use `require('is')`, modern ESM-driven environments should use `import is from 'is';`. Individual functions are then accessed as properties of the `is` object (e.g., `is.string('hello')`).","wrong":"import { is } from 'is'; // Incorrect named import, 'is' is the default export\nconst is = require('is'); // Correct for CommonJS","symbol":"is","correct":"import is from 'is';"},{"note":"Most type-checking functions are properties of the main 'is' object. There are no direct named exports for individual type checks like `string`, `array`, etc. Always import the main 'is' object first.","wrong":"import { string } from 'is'; // 'string' is a property of the 'is' object, not a named export\nconst string = require('is').string; // CommonJS, but less common to destructure 'is'","symbol":"is.string","correct":"import is from 'is';\nis.string('hello');"},{"note":"Similar to `is.string`, all utility methods like `is.defined`, `is.empty`, `is.nil`, etc., are accessed as properties of the main `is` object obtained via the default import or CommonJS require.","wrong":"import { defined } from 'is'; // 'defined' is a property of the 'is' object, not a named export","symbol":"is.defined","correct":"import is from 'is';\nif (is.defined(myVar)) { /* ... */ }"}],"quickstart":{"code":"import is from 'is';\n\nfunction processValue(value) {\n  if (is.nil(value)) {\n    console.log('Value is null or undefined.');\n    return 'default_value';\n  } else if (is.string(value)) {\n    console.log(`Value is a string: ${value}`);\n    return value.trim();\n  } else if (is.array(value)) {\n    console.log(`Value is an array with ${value.length} elements.`);\n    return value.filter(item => is.defined(item));\n  } else if (is.object(value) && is.empty(value)) {\n    console.log('Value is an empty object.');\n    return {};\n  } else {\n    console.log(`Value is of type: ${is.type(value)}`);\n    return value;\n  }\n}\n\nconsole.log(processValue(null));\nconsole.log(processValue('  hello world  '));\nconsole.log(processValue([1, undefined, 3]));\nconsole.log(processValue({}));\nconsole.log(processValue(123));\nconsole.log(processValue(new Date()));","lang":"javascript","description":"Demonstrates importing the 'is' library and using various type-checking functions like `is.nil`, `is.string`, `is.array`, `is.object`, `is.empty`, `is.defined`, and `is.type` for conditional logic."},"warnings":[{"fix":"Immediately upgrade to version 3.3.2 or later, or ensure you are using a version prior to the compromised releases (e.g., 3.3.0). Always verify the integrity of your installed packages, especially after major security incidents. Use `npm audit` regularly.","message":"A critical supply chain attack occurred, leading to the publication of malicious versions of the 'is' package. Specifically, versions 3.3.1 and 5.0.0 released on July 19, 2025, were compromised and contained malicious code. These versions were promptly removed from npm.","severity":"breaking","affected_versions":"3.3.1, 5.0.0"},{"fix":"Replace `is.instanceof(value, constructor)` with `is.instance(value, constructor)`. For `is.null(value)` use `value === null`. For `is.undefined(value)` use `value === undefined` or `is.undef(value)`. Consider using `is.nil(value)` for a check against both null and undefined.","message":"Several functions like `is.instanceof`, `is.null`, and `is.undefined` are formally deprecated within the library. While they still function, their use is discouraged.","severity":"deprecated","affected_versions":">=3.x"},{"fix":"For optimal compatibility in ESM-only environments, ensure your build setup (e.g., Webpack, Rollup, Parcel, or TypeScript's `moduleResolution`) is configured to correctly handle CommonJS modules. If issues persist, consider using a different type-checking library that explicitly offers native ESM support.","message":"The package does not officially declare itself as an ES Module (`\"type\": \"module\"` in `package.json` or explicit `.mjs` files). While modern bundlers and Node.js can typically consume CommonJS modules via `import`, direct ESM consumption might lead to unexpected behavior or require specific tooling configurations.","severity":"gotcha","affected_versions":"<3.x"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure you are importing the entire `is` object as the default export (ESM: `import is from 'is';`) or requiring the entire module (CommonJS: `const is = require('is');`). All type functions are properties of this 'is' object, e.g., `is.string('value')`.","cause":"Attempting to access a type-checking function directly from a named import or an incorrectly structured CommonJS import.","error":"TypeError: is.string is not a function"},{"fix":"This error is typically not caused by `is` itself unless you are using a compromised or improperly bundled version. Verify your project's `package.json` `type` field and module resolution settings. For `is` specifically, ensure you are on a non-compromised version (>=3.3.2) and that your environment correctly handles CJS interop for `require` or uses `import` as appropriate.","cause":"This library is primarily CommonJS, but if a dependency *within* `is` or another part of your project incorrectly uses `\"type\": \"module\"` and is then `require()`-d, this error can occur.","error":"ERR_REQUIRE_ESM: require() of ES Module ... not supported"}],"ecosystem":"npm"}