Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@deepkit/bson

Package Overview
Dependencies
Maintainers
1
Versions
143
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@deepkit/bson

Deepkit BSON parser

latest
Source
npmnpm
Version
1.0.19
Version published
Maintainers
1
Created
Source

BSON

@deepkit/bson is a high-performance TS implementation of a parser and serializer for BSON, the MongoDB Binary JSON format. It's the fastest JS BSON parser, even faster than native JSON.parse/stringify.

Deepkit has reimplemented it because it's a high-performance framework and both the official JS (js-bson) and C++ (bson-ext) packages are too slow. How slow? When converting 10k elements in an array, js-bson takes 25ms, bson-ext takes 31ms, whiles JSON.parse takes only 5ms. This makes the official BSON parser 5x slower than native JSON.parse. deepkit/type-bson on the other hand takes only 2ms and is therefore 13x faster.

Benchmark

Parsing BSON buffer that contains an array with 10k objects.

MethodTime (ms)
official native bson-ext31ms
official js-bson25ms
deepkit/bson generic v26ms
deepkit/bson generic v34ms
JSON.parse5ms
deepkit/type JIT2ms

Serializing an array with 10k objects.

MethodTime (ms)
official native bson-ext39ms
official js-bson33ms
JSON.stringify5ms
deepkit/bson JIT2ms

"deepkit/bson JIT" means a parser/serializer based on a schema like so:

import {t} from '@deepkit/type';
import {getBSONDecoder} from '@deepkit/bson';

interface Model {
    username: string;
    tags: string[];
    priority: number;
}

const decoder = getBSONDecoder<Model>();
const bson = new Buffer([]);

const document = decoder(bson);

whereas "deepkit/type generic" means schema-less:

import {parseObject, ParserV2, ParserV3} from '@deepkit/bson';
const bson = new Buffer([]);

const object1 = parseObject(new ParserV2(bson));

const object2 = parseObject(new ParserV3(bson));

Differences

There are a couple of differences to the official serializer.

  • ObjectId is deserialized as string.
  • UUID is deserialized as string.
  • BigInt is supported and serialized as long.
  • Unlimited size BigInt supported (serialised as binary)
  • Long is deserialized as BigInt.

FAQs

Package last updated on 22 Sep 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Research

/

Security News

9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads

Socket researchers discovered nine malicious NuGet packages that use time-delayed payloads to crash applications and corrupt industrial control systems.

By Kush Pandya  -  Nov 06, 2025