Security News
The Risks of Misguided Research in Supply Chain Security
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
cjson - Commented JavaScript Object Notation. It is a json loader, which parses only valid json files, but with comments enabled. Useful for loading configs.
The cjson npm package is a JSON parser that supports comments and more relaxed JSON syntax. It allows you to parse JSON files that include comments, trailing commas, and other non-standard JSON features.
Parse JSON with comments
This feature allows you to parse JSON strings that include comments. The comments are ignored during parsing, making it easier to include explanations or notes within your JSON files.
const cjson = require('cjson');
const jsonData = cjson.parse('{"key": "value" // This is a comment
}');
console.log(jsonData);
Stringify JSON with comments
This feature allows you to convert a JavaScript object into a JSON string while preserving comments. This can be useful for generating JSON files that include comments for documentation purposes.
const cjson = require('cjson');
const jsonObject = { key: 'value' };
const jsonString = cjson.stringify(jsonObject, null, 2, { comments: true });
console.log(jsonString);
Load JSON file with comments
This feature allows you to load and parse a JSON file that includes comments. The comments are ignored during parsing, making it easier to maintain and understand your JSON files.
const cjson = require('cjson');
const jsonData = cjson.load('path/to/your/file.json');
console.log(jsonData);
JSON5 is a JSON parser that allows for more relaxed JSON syntax, including comments, trailing commas, and unquoted keys. It is similar to cjson in that it supports non-standard JSON features, but JSON5 is more widely adopted and has a more extensive feature set.
Hjson is a user interface for JSON that allows for a more human-readable and writable format. It supports comments, multiline strings, and other features that make JSON easier to work with. Hjson is similar to cjson in that it supports comments and relaxed syntax, but it also offers additional features for improving readability.
comment-json is a JSON parser and stringifier that supports comments. It allows you to parse and stringify JSON with comments, similar to cjson. However, comment-json focuses specifically on handling comments and may be simpler to use for that specific purpose.
JSON has a good spec, is implemented in every language, has easy to read syntax and is much more powerful than ini files.
JSON is perfect for writing config files, except of one problem - there is no comments, but sometimes config files get large and need to be commented.
Well, you could just evaluate json file as a JavaScript using one-liner, right?
The purpose of this module is to avoid dirty JavaScript configs and to enable clean, consistent, secure, portable and JSON valid notation.
CJSON supports JavaScript style comments: singleline "//" and multiline "/**/". It takes care about comments inside of strings.
Example of such shiny config file:
/*
* This is my app configuration file.
*
*/
{
"host": "localhost",
// app is listening on this port
"port": 8888
}
var cjson = require('cjson');
Load config file from given path, array of paths or directory. Second parameter is optional and can be a boolean or object.
path
{String|Array} absolute path to the file, array of paths or directoryoptions
{Boolean|Object} optional options. If you pass true
as second param, its the same like {merge: true}
and will merge all configs together.options
defaults:
{
// merge all passed/found config files, see `cjson.extend`
merge: false,
// allows you to do some string replacements, see `cjson.replace`.
replace: null,
// freeze config recursively, see `cjson.freeze`
freeze: false,
// you can use any other extension for your config files, f.e. .cjson
ext: '.json',
// you can use any parser you want. the default uses JSON.parse for maximum
// speed, if it throws it uses uses an alternative parser to give more
// helpful errors
parse: jph.parse
}
Examples:
// just one config
var conf = cjson.load('/path/to/your/config.json');
// array of configs
var conf = cjson.load(['/path/to/your/config1.json', '/path/to/your/config2.json']);
//output
{
config1: {key1: 'value1'}
config2: {key2: 'value2'}
}
// use optional merge parameter
// array of configs
var conf = cjson.load(['/path/to/your/config1.json', '/path/to/your/config2.json'], true);
// output
{
key1: 'value1',
key2: 'value2'
}
// load all config files from a directory
var conf = cjson.load('/path/to/your/configs');
// overwriting dev config with production
var paths = ['/path/to/conf.json'];
if (process.env.NODE_ENV ==='production') {
paths.push('/path/to/conf-prod.json');
}
var conf = cjson.load(paths, true);
Merge the contents of two or more objects together into the first object.
deep
If true, the merge becomes recursive.target
The object to extend. It will receive the new properties.object1
An object containing additional properties to merge in.objectN
Additional objects containing properties to merge in.Example:
var object = cjson.extend({}, object1, object2);
Remove JavaScript style comments, singleline - '//' and multiline - '/**/'. It takes care about comments inside of strings and escaping.
Like JSON.parse
, but it takes care about comments. Optional reviver
argument
is for JSON.parse
method and will be called for every key and value at every level
of the final result
Replace all strings {{key}}
contained in {key: 'value'}
, where key
can be any
property of passed obj
.
Example:
var str = '{"path": "{{root}}/src"}'; // json file contents
cjson.replace(str, {root: '/usr'}); // '{"path": "/usr/src"}'
Recursively freeze an object.
npm install cjson
FAQs
cjson - Commented JavaScript Object Notation. It is a json loader, which parses only valid json files, but with comments enabled. Useful for loading configs.
The npm package cjson receives a total of 514,617 weekly downloads. As such, cjson popularity was classified as popular.
We found that cjson demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Snyk's use of malicious npm packages for research raises ethical concerns, highlighting risks in public deployment, data exfiltration, and unauthorized testing.
Research
Security News
Socket researchers found several malicious npm packages typosquatting Chalk and Chokidar, targeting Node.js developers with kill switches and data theft.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.