{"id":12349,"library":"vega-util","title":"Vega Utilities","description":"vega-util is a foundational JavaScript utility library within the Vega ecosystem, providing a comprehensive set of helper methods for common operations across Vega modules. It includes functions for type checking (e.g., `isObject`, `isArray`, `isString`), object manipulation (like `extend`, `merge`), array utilities, string operations, logging, error handling, and more. As of its current stable version v6.2.0, vega-util is exclusively distributed as an ESM module. The project maintains an active release cadence, frequently updating to incorporate new features, bug fixes, and security patches, as evidenced by recent v5.x and v6.x releases. Its primary differentiation lies in being a core, dependency-free utility library specifically tailored to support the data visualization functionalities of Vega and Vega-Lite.","status":"active","version":"2.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/vega/vega","tags":["javascript","vega","utilities"],"install":[{"cmd":"npm install vega-util","lang":"bash","label":"npm"},{"cmd":"yarn add vega-util","lang":"bash","label":"yarn"},{"cmd":"pnpm add vega-util","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Since v6.0.0, vega-util is ESM-only. CommonJS `require` is not supported.","wrong":"const isObject = require('vega-util').isObject;","symbol":"isObject","correct":"import { isObject } from 'vega-util';"},{"note":"All core utility functions are named exports, not default exports.","wrong":"import merge from 'vega-util';","symbol":"merge","correct":"import { merge } from 'vega-util';"},{"note":"Import directly from the package root; avoid importing from internal paths like `src/` as they are not part of the public API and may change.","wrong":"import { error as vegaError } from 'vega-util/src/error';","symbol":"error","correct":"import { error } from 'vega-util';"}],"quickstart":{"code":"import { isObject, merge, truthy, pad } from 'vega-util';\n\nconsole.log('Is { a: 1 } an object?', isObject({ a: 1 }));\nconsole.log('Is \"hello\" an object?', isObject('hello'));\n\nconst obj1 = { a: 1, b: { c: 2 } };\nconst obj2 = { b: { d: 3 }, e: 4 };\nconst merged = merge(obj1, obj2);\nconsole.log('Merged object:', merged); // Expected: { a: 1, b: { d: 3 }, e: 4 }\n\nconst value = 42;\nconsole.log(`Is ${value} truthy?`, truthy(value));\nconsole.log(`Is null truthy?`, truthy(null));\n\nconst str = 'Vega';\nconst paddedStr = pad(str, 10, ' ', 'left');\nconsole.log(`Padded string: \"${paddedStr}\"`);\n\n// Example demonstrating a common utility pattern with conditional logic\nfunction processConfig(userConfig: object = {}) {\n  const defaultConfig = { theme: 'light', animation: true, logLevel: 'info' };\n  if (!isObject(userConfig)) {\n    error('Invalid configuration: must be an object.');\n    return defaultConfig; // Fallback to default\n  }\n  return merge(defaultConfig, userConfig);\n}\n\nconst myConfig = processConfig({ animation: false, logLevel: 'debug' });\nconsole.log('Processed configuration:', myConfig);\n\nconst invalidConfig = processConfig('not an object');\nconsole.log('Invalid config handling resulted in:', invalidConfig);","lang":"typescript","description":"Demonstrates importing and using core utility functions like `isObject`, `merge`, `truthy`, and `pad`."},"warnings":[{"fix":"Migrate your project to use ES modules. Ensure your `package.json` specifies `\"type\": \"module\"` or use `.mjs` file extensions. Update all `require()` statements to `import` statements.","message":"Vega, including `vega-util`, transitioned to ESM-only in v6.0.0. Projects must use ES module imports (`import ... from 'vega-util'`) and cannot use CommonJS `require()` syntax.","severity":"breaking","affected_versions":">=6.0.0"},{"fix":"Upgrade to `vega` version 5.33.1 or higher for v5.x series, or any v6.x version. If directly using `vega-expression` or `vega-interpreter`, ensure those packages are updated to their latest compatible versions.","message":"A security advisory (GHSA-7f2v-3qq3-vvjf, CVE-2025-59840) addressed Cross-Site Scripting (XSS) vulnerabilities in Vega expressions abusing `toString` calls. This was fixed in `vega` v5.33.1 and implicitly affects packages consuming `vega-expression` or `vega-interpreter`.","severity":"breaking","affected_versions":"<5.33.1"},{"fix":"Update `vega` (and implicitly its sub-packages) to version 5.32.0 or higher. Always sanitize or validate untrusted Vega/Vega-Lite specifications, especially if not using `vega-interpreter`'s CSP mode.","message":"Another XSS vulnerability (GHSA-963h-3v39-3pqf, CVE-2025-27793) related to `RegExp.prototype[@@replace]` when running Vega/Vega-Lite JSON definitions was patched. Users running untrusted specifications could execute unexpected JavaScript.","severity":"breaking","affected_versions":"<5.32.0"},{"fix":"No direct fix is required for most applications, as `Object.hasOwn` is a safer and more robust alternative. If you have highly customized `Object.prototype` behavior, review its interaction with this change.","message":"The `Object.prototype.hasOwnProperty` usage was replaced with `Object.hasOwn` in `vega-util` v5.31.0. While not directly breaking for most users, this change enhances security by guarding against overridden `Object.prototype` built-ins. Code relying on custom `hasOwnProperty` behavior on `Object.prototype` might see subtle differences, though this is an uncommon pattern.","severity":"gotcha","affected_versions":">=5.31.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Change `const { ... } = require('vega-util');` to `import { ... } from 'vega-util';` and ensure your project is configured for ES modules (e.g., `\"type\": \"module\"` in `package.json`).","cause":"Attempting to `require()` `vega-util` in a CommonJS context when the package is ESM-only since v6.0.0.","error":"ERR_REQUIRE_ESM"},{"fix":"Ensure you are using named imports for `vega-util` functions: `import { isObject } from 'vega-util';`. Do not use `import isObject from 'vega-util';`.","cause":"This Webpack/ESM bundling error typically occurs when attempting to import a default export that doesn't exist, or when a named export is incorrectly treated as a default.","error":"TypeError: (0 , vega_util__WEBPACK_IMPORTED_MODULE_0__.isObject) is not a function"},{"fix":"Verify the function name and its availability in the specific `vega-util` version you are using by checking the official API documentation or source code. Ensure your TypeScript configuration is correctly resolving module types.","cause":"Attempting to import a function that is not exported by `vega-util` or has been renamed/removed in a new version.","error":"TS2305: Module '\"vega-util\"' has no exported member 'someFunction'."}],"ecosystem":"npm"}