Neglected Parking Meter

    destr
    TypeScript icon, indicating that this package has built-in type declarations

    1.1.1 • Public • Published

    destr

    A faster, secure and convenient alternative for JSON.parse:

    npm version npm downloads bundle phobia

    Usage

    Node.js

    Install using npm or yarn:

    npm i destr
    # or
    yarn add destr

    Import into your Node.js project:

    // CommonJS
    const destr = require('destr')
    
    // ESM
    import destr from 'destr'

    Deno

    import destr from 'https://deno.land/x/destr/src/index.ts'
    
    console.log(destr('{ "deno": "yay" }'))

    Why?

    Please note that destr is little bit slower when parsing a standard JSON string mainly because of transform to avoid prototype pollution which can lead to serious security issues if not being sanitized. In the other words, destr is better when input is not always a json string or from untrusted source like request body.

    Fast fallback to input if is not string:

    // Uncaught SyntaxError: Unexpected token u in JSON at position 0
    JSON.parse()
    
    // undefined
    destr()
    // JSON.parse x 5,324,474 ops/sec ±0.65% (94 runs sampled)
    JSON.parse(3.14159265359)
    
    // destr x 657,187,095 ops/sec ±0.06% (98 runs sampled)
    destr(3.14159265359)

    Fast lookup for known string values:

    // Uncaught SyntaxError: Unexpected token T in JSON at position 0
    JSON.parse('TRUE')
    
    // true
    destr('TRUE')
    // JSON.parse x 10,407,488 ops/sec ±0.30% (97 runs sampled)
    JSON.parse('true')
    
    // destr x 88,634,032 ops/sec ±0.32% (95 runs sampled)
    destr('true')

    Fallback to original value if parse fails (empty or any plain string):

    // Uncaught SyntaxError: Unexpected token s in JSON at position 0
    // JSON.parse (try-catch) x 248,212 ops/sec ±1.22% (84 runs sampled
    JSON.parse('salam')
    
    // destr x 30,867,179 ops/sec ±0.49% (94 runs sampled)
    destr('salam')

    Avoid prototype pollution:

    const input = '{ "user": { "__proto__": { "isAdmin": true } } }'
    
    // { user: { __proto__: { isAdmin: true } } }
    JSON.parse(input)
    
    // { user: {} }
    destr(input)

    License

    MIT. Made with 💖

    Keywords

    none

    Install

    npm i destr

    DownloadsWeekly Downloads

    513,845

    Version

    1.1.1

    License

    MIT

    Unpacked Size

    10.4 kB

    Total Files

    6

    Last publish

    Collaborators

    • pi0