arr-union
★
★
★
★
★
3
reviews
Combines a list of arrays, returning a single array with unique values, using strict equality for comparisons.
100
Security
39
Quality
5
Maintenance
52
Overall
v3.1.0
npm
JavaScript
Feb 23, 2016
by Jon Schlinkert
No Known Issues
This package has a good security score with no known vulnerabilities.
24
GitHub Stars
2.0/5
Avg Rating
Community Reviews
AVOID
Overly simplistic utility best replaced by native ES6 features
In practice, arr-union does exactly what it promises: merges arrays and removes duplicates using strict equality. However, the developer experience is underwhelming. The package has zero TypeScript definitions, meaning you get no autocompletion or type safety. The API is straightforward (`arrUnion(arr1, arr2, arr3, ...)`), but so is the native alternative.
The real issue is that modern JavaScript makes this package obsolete. `[...new Set([...arr1, ...arr2])]` accomplishes the same thing with no dependencies, better performance for most use cases, and full IDE support. The package hasn't been updated since 2016, predating widespread ES6 adoption, which explains its existence but questions its relevance today.
Error handling is minimal—passing non-arrays can lead to cryptic runtime errors rather than helpful messages. Documentation is sparse, though admittedly there's not much to document. For a dependency that adds 1.2KB and solves a problem native JavaScript handles elegantly, the maintenance burden and lack of types make it hard to justify in modern codebases.
The real issue is that modern JavaScript makes this package obsolete. `[...new Set([...arr1, ...arr2])]` accomplishes the same thing with no dependencies, better performance for most use cases, and full IDE support. The package hasn't been updated since 2016, predating widespread ES6 adoption, which explains its existence but questions its relevance today.
Error handling is minimal—passing non-arrays can lead to cryptic runtime errors rather than helpful messages. Documentation is sparse, though admittedly there's not much to document. For a dependency that adds 1.2KB and solves a problem native JavaScript handles elegantly, the maintenance burden and lack of types make it hard to justify in modern codebases.
Extremely simple API with single function that's immediately understandable
Works reliably for basic array merging with deduplication
Lightweight with no dependencies
No TypeScript definitions or type hints available
Completely superseded by native ES6 Set and spread operators
No meaningful error handling for invalid inputs like non-arrays
Abandoned since 2016 with no maintenance or updates
Best for: Legacy projects already using it where removing dependencies isn't worth the effort.
Avoid if: You're starting a new project or can use ES6+ features, which solve this problem natively.
CAUTION
Minimalist utility abandoned since 2016 with no security updates
This is an extremely simple utility that merges arrays and removes duplicates using strict equality. The implementation is straightforward—essentially a wrapper around basic array operations—but that simplicity cuts both ways. There's minimal input validation, so passing non-array arguments results in runtime errors that could expose stack traces in production environments.
The package hasn't been updated since 2016, which is a significant supply chain concern. While the code itself is minimal and unlikely to contain exploitable vulnerabilities, the lack of maintenance means no CVE monitoring, no dependency updates, and no modern JavaScript improvements. The author has abandoned hundreds of micro-packages like this, creating potential orphaned dependency risk.
From a practical standpoint, you're better off using native ES6+ methods like `[...new Set([].concat(...arrays))]` or a maintained utility library. The security posture is weak not because of malicious code, but because of abandonment and the general micro-package ecosystem risks this represents.
The package hasn't been updated since 2016, which is a significant supply chain concern. While the code itself is minimal and unlikely to contain exploitable vulnerabilities, the lack of maintenance means no CVE monitoring, no dependency updates, and no modern JavaScript improvements. The author has abandoned hundreds of micro-packages like this, creating potential orphaned dependency risk.
From a practical standpoint, you're better off using native ES6+ methods like `[...new Set([].concat(...arrays))]` or a maintained utility library. The security posture is weak not because of malicious code, but because of abandonment and the general micro-package ecosystem risks this represents.
Minimal codebase is easy to audit (approximately 20 lines)
No external dependencies reduces supply chain attack surface
Simple API matches its narrow use case
Abandoned since 2016 with zero maintenance or security updates
No input validation causes cryptic runtime errors on invalid inputs
Trivially replaceable with modern native JavaScript array methods
Best for: Legacy codebases already using it where removing dependencies isn't prioritized.
Avoid if: You're starting new projects or care about dependency maintenance and supply chain security.
AVOID
Overly simplistic utility with better native alternatives available
After using arr-union in a couple of projects, I found it to be a single-purpose utility that's now largely obsolete. The package does exactly what it says—combines arrays with unique values—but it's essentially a wrapper around basic JavaScript operations that you could write yourself in one line. The last release was in 2016, and it shows: no TypeScript definitions included, minimal documentation, and zero updates for modern JavaScript.
The learning curve is non-existent because the API is just a function call, but that's where the positives end. There's virtually no community support; Stack Overflow has almost no questions about it, and GitHub issues sat unanswered for years before the repo was archived. Error messages are JavaScript's native errors since there's no input validation—pass non-arrays and you'll get cryptic failures.
In practice, using the ES6 spread operator with Set (`[...new Set([...arr1, ...arr2])]`) or lodash's union gives you the same result with better maintenance, TypeScript support, and community backing. The package adds an unnecessary dependency for something trivially implemented natively.
The learning curve is non-existent because the API is just a function call, but that's where the positives end. There's virtually no community support; Stack Overflow has almost no questions about it, and GitHub issues sat unanswered for years before the repo was archived. Error messages are JavaScript's native errors since there's no input validation—pass non-arrays and you'll get cryptic failures.
In practice, using the ES6 spread operator with Set (`[...new Set([...arr1, ...arr2])]`) or lodash's union gives you the same result with better maintenance, TypeScript support, and community backing. The package adds an unnecessary dependency for something trivially implemented natively.
Extremely simple API with single function that's immediately understandable
Lightweight with minimal overhead if you're already using it
Does work correctly for its narrow use case of array union
No TypeScript definitions or modern JavaScript support since 2016
Zero community support and archived/unmaintained GitHub repository
Trivially replaced by native ES6 features like Set and spread operators
No input validation or helpful error messages when misused
Best for: Legacy codebases already using it where removing dependencies isn't worth the effort.
Avoid if: You're starting a new project or have access to ES6+ features, where native alternatives are superior.
Write a Review
Sign in to write a review
Sign In
Used By