The type of the target object
The target object with all defaults applied.
const options = { timeout: 5000 };
const defaults = { timeout: 3000, retries: 3, verbose: false };
objDefaults(options, defaults);
// => { timeout: 5000, retries: 3, verbose: false }
// `timeout` was kept because it was already defined.
// Multiple sources — first defined value wins
objDefaults({}, { a: 1 }, { a: 99, b: 2 });
// => { a: 1, b: 2 }
// Unsafe source keys are silently skipped (prototype-pollution guard)
const cfg: any = { host: "localhost" };
const src: any = { host: "evil.com", __proto__: { admin: true }, constructor: String };
objDefaults(cfg, src);
// => { host: "localhost" } — __proto__ and constructor were never written
Assigns own enumerable properties from one or more
sourcesontotargetonly for properties that are currentlyundefinedontarget— it never overwrites an already-defined value (includingnull). Sources are processed left-to-right; the first defined value wins.This is similar to Lodash
_.defaults(), but it only considers each source object's own enumerable properties and does not copy inherited source properties.Security filtering: to guard against prototype-pollution attacks this function applies two layers of protection:
__proto__,constructor,prototype) are silently skipped and never written totarget, even when those keys exist as own enumerable properties of a source.Object.prototype,Array.prototype, etc.) are rejected entirely —targetis returned unchanged.This means that calls like
objDefaults(obj, { constructor: fn })orobjDefaults(Object.prototype, ...)are silently no-ops for the filtered keys / guarded target.