Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@stoplight/json
Advanced tools
Useful functions when working with JSON.
Supported in modern browsers and node.
# latest stable
yarn add @stoplight/json
JSON.parse(val)
but also returns a source map that includes a JSON path pointer for every property in the result (with line information).['paths', '/user', 'get']
-> #/paths/~1/user/get
.#/paths/~1/user/get
-> ['paths', '/user', 'get']
.JSON.parse(val)
but does not throw on invalid JSON.JSON.stringify(val)
but handles circular references.x.startsWith(y)
but works with strings AND arrays.lodash.startsWith(x, y)
but works with strings AND arrays.parseWithPointers
Note: Unlike most of the other functions, parseWithPointers is not exported from root. You must import by name.
import { parseWithPointers } from "@stoplight/json/parseWithPointers";
const result = parseWithPointers('{"foo": "bar"}');
console.log(result.data); // => the {foo: "bar"} JS object
console.log(result.pointers); // => the source map with a single "#/foo" pointer that has position info for the foo property
feature/{name}
, chore/{name}
, or fix/{name}
branch.yarn
.yarn test.prod
.yarn commit
. NOTE: Commits that don't follow the conventional format will be rejected. yarn commit
creates this format for you, or you can put it together manually and then do a regular git commit
.git push
.next
branch.FAQs
Useful functions when working with JSON.
We found that @stoplight/json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.