Comparing version 1.1.0 to 1.1.1
declare function destr(val: any): any; | ||
export default destr; | ||
export { destr as default }; |
{ | ||
"name": "destr", | ||
"version": "1.1.0", | ||
"version": "1.1.1", | ||
"description": "A faster, secure and convenient alternative for JSON.parse", | ||
"repository": "nuxt-contrib/destr", | ||
"repository": "unjs/destr", | ||
"license": "MIT", | ||
"main": "dist/index.js", | ||
"module": "dist/index.mjs", | ||
"main": "./dist/index.cjs", | ||
"module": "./dist/index.mjs", | ||
"type": "module", | ||
"exports": { | ||
".": { | ||
"import": "./dist/index.mjs", | ||
"require": "./dist/index.cjs" | ||
} | ||
}, | ||
"types": "dist/index.d.ts", | ||
@@ -13,9 +20,2 @@ "files": [ | ||
], | ||
"scripts": { | ||
"bench": "yarn build && node ./bench.js", | ||
"build": "siroc build", | ||
"lint": "eslint --ext .ts .", | ||
"release": "yarn test && yarn build && standard-version && git push --follow-tags && npm publish", | ||
"test": "yarn lint" | ||
}, | ||
"devDependencies": { | ||
@@ -28,6 +28,15 @@ "@hapi/bourne": "latest", | ||
"secure-json-parse": "latest", | ||
"siroc": "latest", | ||
"standard-version": "latest", | ||
"typescript": "latest" | ||
} | ||
} | ||
"typescript": "latest", | ||
"unbuild": "latest" | ||
}, | ||
"packageManager": "pnpm@6.32.3", | ||
"scripts": { | ||
"bench": "pnpm build && node ./bench.cjs", | ||
"build": "unbuild", | ||
"lint": "eslint --ext .ts .", | ||
"release": "pnpm test && pnpm build && standard-version && git push --follow-tags && pnpm publish", | ||
"test": "pnpm lint" | ||
}, | ||
"readme": "# destr\n\n> A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse):\n\n[![npm version][npm-v-src]][npm-v-href]\n[![npm downloads][npm-d-src]][npm-d-href]\n[![bundle phobia][bundlephobia-src]][bundlephobia-href]\n\n## Usage\n\n### Node.js\n\nInstall using npm or yarn:\n\n```bash\nnpm i destr\n# or\nyarn add destr\n```\n\nImport into your Node.js project:\n\n```js\n// CommonJS\nconst destr = require('destr')\n\n// ESM\nimport destr from 'destr'\n```\n\n### Deno\n\n```js\nimport destr from 'https://deno.land/x/destr/src/index.ts'\n\nconsole.log(destr('{ \"deno\": \"yay\" }'))\n```\n\n## Why?\n\nPlease note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body.\n\n**Fast fallback to input if is not string:**\n\n```js\n// Uncaught SyntaxError: Unexpected token u in JSON at position 0\nJSON.parse()\n\n// undefined\ndestr()\n```\n\n```js\n// JSON.parse x 5,324,474 ops/sec ±0.65% (94 runs sampled)\nJSON.parse(3.14159265359)\n\n// destr x 657,187,095 ops/sec ±0.06% (98 runs sampled)\ndestr(3.14159265359)\n```\n\n**Fast lookup for known string values:**\n\n```js\n// Uncaught SyntaxError: Unexpected token T in JSON at position 0\nJSON.parse('TRUE')\n\n// true\ndestr('TRUE')\n```\n\n```js\n// JSON.parse x 10,407,488 ops/sec ±0.30% (97 runs sampled)\nJSON.parse('true')\n\n// destr x 88,634,032 ops/sec ±0.32% (95 runs sampled)\ndestr('true')\n```\n\n**Fallback to original value if parse fails (empty or any plain string):**\n\n```js\n// Uncaught SyntaxError: Unexpected token s in JSON at position 0\n// JSON.parse (try-catch) x 248,212 ops/sec ±1.22% (84 runs sampled\nJSON.parse('salam')\n\n// destr x 30,867,179 ops/sec ±0.49% (94 runs sampled)\ndestr('salam')\n```\n\n**Avoid prototype pollution:**\n\n```js\nconst input = '{ \"user\": { \"__proto__\": { \"isAdmin\": true } } }'\n\n// { user: { __proto__: { isAdmin: true } } }\nJSON.parse(input)\n\n// { user: {} }\ndestr(input)\n```\n\n## License\n\nMIT. Made with 💖\n\n<!-- Refs -->\n[npm-v-src]: https://img.shields.io/npm/v/destr?style=flat-square\n[npm-v-href]: https://npmjs.com/package/destr\n\n[npm-d-src]: https://img.shields.io/npm/dm/destr?style=flat-square\n[npm-d-href]: https://npmjs.com/package/destr\n\n[github-actions-src]: https://img.shields.io/github/workflow/status/unjs/destr/ci/master?style=flat-square\n[github-actions-href]: https://github.com/unjs/destr/actions?query=workflow%3Aci\n\n[bundlephobia-src]: https://img.shields.io/bundlephobia/min/destr?style=flat-square\n[bundlephobia-href]: https://bundlephobia.com/result?p=destr\n" | ||
} |
@@ -41,3 +41,3 @@ # destr | ||
Please note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanetized. In the other words, `destr` is better when input is not always a json string or from untrsuted source like request body. | ||
Please note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body. | ||
@@ -114,6 +114,6 @@ **Fast fallback to input if is not string:** | ||
[github-actions-src]: https://img.shields.io/github/workflow/status/nuxt-contrib/destr/ci/master?style=flat-square | ||
[github-actions-href]: https://github.com/nuxt-contrib/destr/actions?query=workflow%3Aci | ||
[github-actions-src]: https://img.shields.io/github/workflow/status/unjs/destr/ci/master?style=flat-square | ||
[github-actions-href]: https://github.com/unjs/destr/actions?query=workflow%3Aci | ||
[bundlephobia-src]: https://img.shields.io/bundlephobia/min/destr?style=flat-square | ||
[bundlephobia-href]: https://bundlephobia.com/result?p=destr |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No repository
Supply chain riskPackage does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code use to generate the package.
Found 1 instance in 1 package
10435
Yes
6