Security News
RubyGems.org Adds New Maintainer Role
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
comment-json
Advanced tools
Parse and stringify JSON with comments. It will retain comments even when after saved!
The comment-json npm package allows you to parse, modify, and stringify JSON files while preserving comments. This is particularly useful for configuration files where comments are often used to provide context or instructions.
Parsing JSON with comments
This feature allows you to parse JSON strings that include comments. The comments are ignored in the resulting JavaScript object.
const commentJson = require('comment-json');
const jsonWithComments = `{
// This is a comment
"key": "value"
}`;
const parsed = commentJson.parse(jsonWithComments);
console.log(parsed); // { key: 'value' }
Stringifying JSON with comments
This feature allows you to convert a JavaScript object back into a JSON string, optionally including comments.
const commentJson = require('comment-json');
const obj = { key: 'value' };
const jsonString = commentJson.stringify(obj, null, 2);
console.log(jsonString); // {
// This is a comment
"key": "value"
}
Modifying JSON while preserving comments
This feature allows you to modify a parsed JSON object and then convert it back to a JSON string, preserving the original comments.
const commentJson = require('comment-json');
const jsonWithComments = `{
// This is a comment
"key": "value"
}`;
let parsed = commentJson.parse(jsonWithComments);
parsed.newKey = 'newValue';
const modifiedJsonString = commentJson.stringify(parsed, null, 2);
console.log(modifiedJsonString); // {
// This is a comment
"key": "value",
"newKey": "newValue"
}
JSON5 is a JSON extension that aims to make JSON more human-friendly. It allows comments, trailing commas, and more. However, unlike comment-json, JSON5 does not preserve comments when parsing and stringifying.
Hjson is a user interface for JSON. It allows comments and is designed to be easy to read and write. Similar to JSON5, Hjson does not preserve comments when converting between JSON and JavaScript objects.
The jsonc-parser package is used by Visual Studio Code to handle JSON with comments. It can parse JSON with comments and provide a syntax tree, but it is more complex to use compared to comment-json.
The usage of comment-json
is exactly the same as the vanilla JSON
object.
$ npm i comment-json
package.json:
{
// package name
"name": "comment-json"
}
const {
parse,
stringify
} = require('comment-json')
const fs = require('fs')
const obj = parse(fs.readFileSync('package.json').toString())
console.log(obj.name) // comment-json
stringify(obj, null, 2)
// Will be the same as package.json,
// which will be very useful if we use a json file to store configurations.
parse(text, reviver? = null, remove_comments? = false)
: object | string | number | boolean | null
string
The string to parse as JSON. See the JSON object for a description of JSON syntax.Function() | null
Default to null
. It acts the same as the second parameter of JSON.parse
. If a function, prescribes how the value originally produced by parsing is transformed, before being returned.boolean = false
If true, the comments won't be maintained, which is often used when we want to get a clean object.Returns object | string | number | boolean | null
corresponding to the given JSON text.
If the content
is:
/**
before-all
*/
// before-all
{ // before:foo
// before:foo
/* before:foo */
"foo" /* after-prop:foo */: // after-comma:foo
1 // after-value:foo
// after-value:foo
, // before:bar
// before:bar
"bar": [ // before:0
// before:0
"baz" // after-value:0
// after-value:0
, // before:1
"quux"
// after-value:1
] // after-value:bar
// after-value:bar
}
// after-all
const parsed = parse(content)
console.log(parsed)
And the result will be:
{
// Comments before the JSON object
[Symbol.for('before-all')]: [{
type: 'BlockComment',
value: '\n before-all\n ',
inline: false
}, {
type: 'LineComment',
value: ' before-all',
inline: false
}],
...
[Symbol.for('after-prop:foo')]: [{
type: 'BlockComment',
value: ' after-prop:foo ',
inline: true
}],
// The real value
foo: 1,
bar: [
"baz",
"quux,
// The property of the array
[Symbol.for('after-value:0')]: [{
type: 'LineComment',
value: ' after-value:0',
inline: true
}, ...],
...
]
}
There are EIGHT kinds of symbol properties:
Symbol.for('before-all')
// If all things inside an object or an array are comments
Symbol.for('before')
// comment tokens before
// - a property of an object
// - an item of an array
// and before the previous comma(`,`) or the opening bracket(`{` or `[`)
Symbol.for(`before:${prop}`)
// comment tokens after property key `prop` and before colon(`:`)
Symbol.for(`after-prop:${prop}`)
// comment tokens after the colon(`:`) of property `prop` and before property value
Symbol.for(`after-colon:${prop}`)
// comment tokens after
// - the value of property `prop` inside an object
// - the item of index `prop` inside an array
// and before the next key-value/item delimiter(`,`)
// or the closing bracket(`}` or `]`)
Symbol.for(`after-value:${prop}`)
// if comments after
// - the last key-value:pair of an object
// - the last item of an array
Symbol.for('after')
Symbol.for('after-all')
And the value of each symbol property is an array of CommentToken
interface CommentToken {
type: 'BlockComment' | 'LineComment'
// The content of the comment, including whitespaces and line breaks
value: string
// If the start location is the same line as the previous token,
// then `inline` is `true`
inline: boolean
}
console.log(parse(content, null, true))
And the result will be:
{
foo: 1,
bar: [
"baz",
"quux"
]
}
const parsed = parse(`
// comment
1
`)
console.log(parsed === 1)
// false
If we parse a JSON of primative type with remove_comments:false
, then the return value of parse()
will be of object type.
The value of parsed
is equivalent to:
const parsed = new Number(1)
parsed[Symbol.for('before-all')] = [{
type: 'LineComment',
value: ' comment',
inline: false
}]
Which is similar for:
Boolean
typeString
typeFor example
const parsed = parse(`
"foo" /* comment */
`)
Which is equivalent to
const parsed = new String('foo')
parsed[Symbol.for('after-all')] = [{
type: 'BlockComment',
value: ' comment ',
inline: true
}]
But there is one exception:
const parsed = parse(`
// comment
null
`)
console.log(parsed === null) // true
stringify(object: any, replacer?, space?): string
The arguments are the same as the vanilla JSON.stringify
.
And it does the similar thing as the vanilla one, but also deal with extra properties and convert them into comments.
console.log(stringify(parsed, null, 2))
// Exactly the same as `content`
If space is not specified, or the space is an empty string, the result of stringify()
will have no comments.
For the case above:
console.log(stringify(result)) // {"a":1}
console.log(stringify(result, null, 2)) // is the same as `code`
FAQs
Parse and stringify JSON with comments. It will retain comments even after saved!
The npm package comment-json receives a total of 1,445,011 weekly downloads. As such, comment-json popularity was classified as popular.
We found that comment-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.