destr
A faster, secure and convenient alternative for JSON.parse
Last updated 2 months ago by pi0 .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install destr 
SYNC missed versions from official npm registry.

destr

A faster, secure and convenient alternative for JSON.parse:

npm version npm downloads bundle phobia

Usage

Node.js

Install using npm or yarn:

npm i destr
# or
yarn add destr

Import into your Node.js project:

// CommonJS
const destr = require('destr')

// ESM
import destr from 'destr'

Deno

import destr from 'https://deno.land/x/destr/src/index.ts'

console.log(destr('{ "deno": "yay" }'))

Why?

Please note that destr is little bit slower when parsing a standard JSON string mainly because of transform to avoid prototype pollution which can lead to serious security issues if not being sanetized. In the other words, destr is better when input is not always a json string or from untrsuted source like request body.

Fast fallback to input if is not string:

// Uncaught SyntaxError: Unexpected token u in JSON at position 0
JSON.parse()

// undefined
destr()
// JSON.parse x 5,324,474 ops/sec ±0.65% (94 runs sampled)
JSON.parse(3.14159265359)

// destr x 657,187,095 ops/sec ±0.06% (98 runs sampled)
destr(3.14159265359)

Fast lookup for known string values:

// Uncaught SyntaxError: Unexpected token T in JSON at position 0
JSON.parse('TRUE')

// true
destr('TRUE')
// JSON.parse x 10,407,488 ops/sec ±0.30% (97 runs sampled)
JSON.parse('true')

// destr x 88,634,032 ops/sec ±0.32% (95 runs sampled)
destr('true')

Fallback to original value if parse fails (empty or any plain string):

// Uncaught SyntaxError: Unexpected token s in JSON at position 0
// JSON.parse (try-catch) x 248,212 ops/sec ±1.22% (84 runs sampled
JSON.parse('salam')

// destr x 30,867,179 ops/sec ±0.49% (94 runs sampled)
destr('salam')

Avoid prototype pollution:

const input = '{ "user": { "__proto__": { "isAdmin": true } } }'

// { user: { __proto__: { isAdmin: true } } }
JSON.parse(input)

// { user: {} }
destr(input)

License

MIT. Made with ????

Current Tags

  • 1.0.1                                ...           latest (2 months ago)

13 Versions

  • 1.0.1                                ...           2 months ago
  • 1.0.0                                ...           7 months ago
  • 0.1.9                                ...           8 months ago
  • 0.1.8                                ...           8 months ago
  • 0.1.7                                ...           8 months ago
  • 0.1.6                                ...           8 months ago
  • 0.1.5                                ...           8 months ago
  • 0.1.4                                ...           8 months ago
  • 0.1.3                                ...           8 months ago
  • 0.1.2                                ...           8 months ago
  • 0.1.1                                ...           8 months ago
  • 0.1.0                                ...           8 months ago
  • 0.0.0                                ...           8 months ago
Maintainers (1)
Downloads
Today 5
This Week 970
This Month 12,197
Last Day 965
Last Week 5,244
Last Month 25,583
Dependencies (0)
None
Dev Dependencies (9)

Copyright 2014 - 2017 © taobao.org |