Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



A bson parser for node.js and the browser

Version published
Install size
2.18 MB

Package description

What is bson?

The bson npm package is a library that allows you to serialize and deserialize data in BSON format. BSON, short for Binary JSON, is a binary-encoded serialization of JSON-like documents. It is designed to be efficient in both storage space and scan-speed. The bson package is commonly used when working with MongoDB, as MongoDB uses BSON as its document storage format.

What are bson's main functionalities?


This feature allows you to convert a JavaScript object into a BSON formatted buffer. This is useful for storing and transmitting data in a compact binary form.

{"const BSON = require('bson'); const bson = new BSON(); const doc = { hello: 'world' }; const data = bson.serialize(doc); console.log(data); // <Buffer 16 00 00 00 02 68 65 6c 6c 6f 00 06 00 00 00 77 6f 72 6c 64 00 00>"}


This feature allows you to convert BSON data back into a JavaScript object. This is useful when you need to read data that was stored or transmitted in BSON format.

{"const BSON = require('bson'); const bson = new BSON(); const data = Buffer.from('160000000268656c6c6f0006000000776f726c640000', 'hex'); const doc = bson.deserialize(data); console.log(doc); // { hello: 'world' }"}

Other packages similar to bson



BSON parser

BSON is short for "Binary JSON," and is the binary-encoded serialization of JSON-like documents. You can learn more about it in the specification.

Table of Contents

Bugs / Feature Requests

Think you've found a bug? Want to see a new feature in bson? Please open a case in our issue management tool, JIRA:

  1. Create an account and login:
  2. Navigate to the NODE project:
  3. Click Create Issue - Please provide as much information as possible about the issue and how to reproduce it.

Bug reports in JIRA for all driver projects (i.e. NODE, PYTHON, CSHARP, JAVA) and the Core Server (i.e. SERVER) project are public.


To build a new version perform the following operations:

npm install
npm run build

Node.js or Bundling Usage

When using a bundler or Node.js you can import bson using the package name:

import { BSON, EJSON, ObjectId } from 'bson';
// or:
// const { BSON, EJSON, ObjectId } = require('bson');

const bytes = BSON.serialize({ _id: new ObjectId() });
const doc = BSON.deserialize(bytes);
// {"_id":{"$oid":"..."}}

Browser Usage

If you are working directly in the browser without a bundler please use the .mjs bundle like so:

<script type="module">
  import { BSON, EJSON, ObjectId } from './lib/bson.mjs';

  const bytes = BSON.serialize({ _id: new ObjectId() });
  const doc = BSON.deserialize(bytes);
  // {"_id":{"$oid":"..."}}


npm install bson



API documentation


EJSON.parse(text, [options])
[options]objectOptional settings
[options.relaxed]booleantrueAttempt to return native JS types where possible, rather than BSON types (if true)

Parse an Extended JSON string, constructing the JavaScript value or object described by that string.


const { EJSON } = require('bson');
const text = '{ "int32": { "$numberInt": "10" } }';

// prints { int32: { [String: '10'] _bsontype: 'Int32', value: '10' } }
console.log(EJSON.parse(text, { relaxed: false }));

// prints { int32: 10 }

EJSON.stringify(value, [replacer], [space], [options])
valueobjectThe value to convert to extended JSON
[replacer]function | arrayA function that alters the behavior of the stringification process, or an array of String and Number objects that serve as a whitelist for selecting/filtering the properties of the value object to be included in the JSON string. If this value is null or not provided, all properties of the object are included in the resulting JSON string
[space]string | numberA String or Number object that's used to insert white space into the output JSON string for readability purposes.
[options]objectOptional settings
[options.relaxed]booleantrueEnabled Extended JSON's relaxed mode
[options.legacy]booleantrueOutput in Extended JSON v1

Converts a BSON document to an Extended JSON string, optionally replacing values if a replacer function is specified or optionally including only the specified properties if a replacer array is specified.


const { EJSON } = require('bson');
const Int32 = require('mongodb').Int32;
const doc = { int32: new Int32(10) };

// prints '{"int32":{"$numberInt":"10"}}'
console.log(EJSON.stringify(doc, { relaxed: false }));

// prints '{"int32":10}'

EJSON.serialize(bson, [options])
bsonobjectThe object to serialize
[options]objectOptional settings passed to the stringify function

Serializes an object to an Extended JSON string, and reparse it as a JavaScript object.

EJSON.deserialize(ejson, [options])
ejsonobjectThe Extended JSON object to deserialize
[options]objectOptional settings passed to the parse method

Deserializes an Extended JSON object into a plain JavaScript object with native/BSON types

Error Handling

It is our recommendation to use BSONError.isBSONError() checks on errors and to avoid relying on parsing error.message and strings in your code. We guarantee BSONError.isBSONError() checks will pass according to semver guidelines, but errors may be sub-classed or their messages may change at any time, even patch releases, as we see fit to increase the helpfulness of the errors.

Any new errors we add to the driver will directly extend an existing error class and no existing error will be moved to a different parent class outside of a major release. This means BSONError.isBSONError() will always be able to accurately capture the errors that our BSON library throws.

Hypothetical example: A collection in our Db has an issue with UTF-8 data:

let documentCount = 0;
const cursor = collection.find({}, { utf8Validation: true });
try {
  for await (const doc of cursor) documentCount += 1;
} catch (error) {
  if (BSONError.isBSONError(error)) {
    console.log(`Found the troublemaker UTF-8!: ${documentCount} ${error.message}`);
    return documentCount;
  throw error;

React Native

BSON vendors the required polyfills for TextEncoder, TextDecoder, atob, btoa imported from React Native and therefore doesn't expect users to polyfill these. One additional polyfill, crypto.getRandomValues is recommended and can be installed with the following command:

npm install --save react-native-get-random-values

The following snippet should be placed at the top of the entrypoint (by default this is the root index.js file) for React Native projects using the BSON library. These lines must be placed for any code that imports BSON.

// Required Polyfills For ReactNative
import 'react-native-get-random-values';

Finally, import the BSON library like so:

import { BSON, EJSON } from 'bson';

This will cause React Native to import the node_modules/bson/lib/bson.rn.cjs bundle (see the "react-native" setting we have in the "exports" section of our package.json.)

Technical Note about React Native module import

The "exports" definition in our package.json will result in BSON's CommonJS bundle being imported in a React Native project instead of the ES module bundle. Importing the CommonJS bundle is necessary because BSON's ES module bundle of BSON uses top-level await, which is not supported syntax in React Native's runtime hermes.


Why does undefined get converted to null?

The undefined BSON type has been deprecated for many years, so this library has dropped support for it. Use the ignoreUndefined option (for example, from the driver ) to instead remove undefined keys.

How do I add custom serialization logic?

This library looks for toBSON() functions on every path, and calls the toBSON() function to get the value to serialize.

const BSON = require('bson');

class CustomSerialize {
  toBSON() {
    return 42;

const obj = { answer: new CustomSerialize() };
// "{ answer: 42 }"



Last updated on 18 Oct 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc