destr - npm Package Compare versions

Comparing version 1.2.0 to 1.2.1


dist/index.d.ts
declare type Options = {
strict?: boolean;
};
declare function destr(val: any, options?: Options): any;
declare function destr(value: any, options?: Options): any;
export { Options, destr as default };
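
Review bot: `strict?: boolean` in `Options` carries no doc comment, so an editor gives no hint of its default or that it makes `destr` throw on invalid input; add a JSDoc line in the source so it is emitted into `dist/index.d.ts`. The `val` to `value` rename in the `destr` signature only changes the declared parameter name and needs no change from callers.
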
{
"name": "destr",
"version": "1.2.0",
"version": "1.2.1",
"description": "A faster, secure and convenient alternative for JSON.parse",

@@ -23,5 +23,5 @@ "repository": "unjs/destr",

"@hapi/bourne": "^3.0.0",
"@nuxtjs/eslint-config-typescript": "^11.0.0",
"benchmark": "^2.1.4",
"eslint": "^8.25.0",
"eslint": "^8.27.0",
"eslint-config-unjs": "^0.0.2",
"secure-json-parse": "^2.5.0",

@@ -32,3 +32,3 @@ "standard-version": "^9.5.0",

},
"packageManager": "pnpm@6.34.0",
"packageManager": "pnpm@7.16.0",
"scripts": {

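Review bot: `packageManager` jumps a major version, from `pnpm@6.34.0` to `pnpm@7.16.0`, inside a patch release (1.2.0 to 1.2.1). Confirm that the lockfile was regenerated with pnpm 7 and that CI installs with the pinned version, so the published build comes from the dependency set that was actually tested.
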
@@ -40,4 +40,3 @@ "bench": "pnpm build && node ./bench.cjs",

"test": "pnpm lint"
},
"readme": "# destr\n\n> A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse):\n\n[![npm version][npm-v-src]][npm-v-href]\n[![npm downloads][npm-d-src]][npm-d-href]\n[![bundle phobia][bundlephobia-src]][bundlephobia-href]\n\n## Usage\n\n### Node.js\n\nInstall using npm or yarn:\n\n```bash\nnpm i destr\n# or\nyarn add destr\n```\n\nImport into your Node.js project:\n\n```js\n// CommonJS\nconst destr = require('destr')\n\n// ESM\nimport destr from 'destr'\n```\n\n### Deno\n\n```js\nimport destr from 'https://deno.land/x/destr/src/index.ts'\n\nconsole.log(destr('{ \"deno\": \"yay\" }'))\n```\n\n### Options\n\n`destr` allows the following options as the second argument:\n\n#### `strict`\n\nDefault: `false`\n\nIf set to `true`, `destr` will throw an error if the input is not a valid JSON string or parsing fails.\n\n```js\n// Returns \"[foo\"\ndestr('[foo')\n\n// Throws an error\ndestr('[foo', { strict: true })\n```\n\n## Why?\n\nPlease note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. 
In the other words, `destr` is better when input is not always a json string or from untrusted source like request body.\n\n**Fast fallback to input if is not string:**\n\n```js\n// Uncaught SyntaxError: Unexpected token u in JSON at position 0\nJSON.parse()\n\n// undefined\ndestr()\n```\n\n**Fast lookup for known string values:**\n\n```js\n// Uncaught SyntaxError: Unexpected token T in JSON at position 0\nJSON.parse('TRUE')\n\n// true\ndestr('TRUE')\n```\n\n**Fallback to original value if parse fails (empty or any plain string):**\n\n```js\n// Uncaught SyntaxError: Unexpected token s in JSON at position 0\nJSON.parse('salam')\n\n// \"salam\"\ndestr('salam')\n```\n\n**Avoid prototype pollution:**\n\n```js\nconst input = '{ \"user\": { \"__proto__\": { \"isAdmin\": true } } }'\n\n// { user: { __proto__: { isAdmin: true } } }\nJSON.parse(input)\n\n// { user: {} }\ndestr(input)\n```\n\n## Benchmarks\n\nLocally try with `pnpm benchmark`\n\nResults on Node.js 18.11.0 with MBA M2\n\n```\n=== Non-string fallback ==\nJSON.parse x 10,323,718 ops/sec ±0.45% (96 runs sampled)\ndestr x 1,057,268,114 ops/sec ±1.71% (90 runs sampled)\ndestr (strict) x 977,215,995 ops/sec ±1.43% (97 runs sampled)\nsjson:\n@hapi/bourne x 10,151,985 ops/sec ±0.76% (96 runs sampled)\nFastest is destr\n\n=== Known values ==\nJSON.parse x 16,359,358 ops/sec ±0.90% (92 runs sampled)\ndestr x 107,849,085 ops/sec ±0.34% (97 runs sampled)\ndestr (strict) x 107,891,427 ops/sec ±0.34% (99 runs sampled)\nsjson x 14,216,957 ops/sec ±0.98% (89 runs sampled)\n@hapi/bourne x 15,209,152 ops/sec ±1.08% (88 runs sampled)\nFastest is destr (strict),destr\n\n=== Plain string ==\nJSON.parse (try-catch) x 211,560 ops/sec ±0.84% (92 runs sampled)\ndestr x 60,315,113 ops/sec ±0.46% (98 runs sampled)\ndestr (strict):\nsjson (try-catch) x 186,492 ops/sec ±0.70% (97 runs sampled)\n@hapi/bourne:\nFastest is destr\n\n=== standard object ==\nJSON.parse x 492,180 ops/sec ±0.98% (98 runs sampled)\ndestr x 356,819 ops/sec ±0.40% 
(98 runs sampled)\ndestr (strict) x 412,955 ops/sec ±0.88% (94 runs sampled)\nsjson x 437,376 ops/sec ±0.42% (102 runs sampled)\n@hapi/bourne x 457,020 ops/sec ±0.81% (99 runs sampled)\nFastest is JSON.parse\n\n=== invalid syntax ==\nJSON.parse (try-catch) x 493,739 ops/sec ±0.51% (98 runs sampled)\ndestr x 405,848 ops/sec ±0.56% (100 runs sampled)\ndestr (strict) x 409,514 ops/sec ±0.57% (101 runs sampled)\nsjson (try-catch) x 435,406 ops/sec ±0.41% (100 runs sampled)\n@hapi/bourne x 467,163 ops/sec ±0.42% (99 runs sampled)\nFastest is JSON.parse (try-catch)\n```\n\n## License\n\nMIT. Made with 💖\n\n<!-- Refs -->\n[npm-v-src]: https://img.shields.io/npm/v/destr?style=flat-square\n[npm-v-href]: https://npmjs.com/package/destr\n\n[npm-d-src]: https://img.shields.io/npm/dm/destr?style=flat-square\n[npm-d-href]: https://npmjs.com/package/destr\n\n[github-actions-src]: https://img.shields.io/github/workflow/status/unjs/destr/ci/master?style=flat-square\n[github-actions-href]: https://github.com/unjs/destr/actions?query=workflow%3Aci\n\n[bundlephobia-src]: https://img.shields.io/bundlephobia/min/destr?style=flat-square\n[bundlephobia-href]: https://bundlephobia.com/result?p=destr\n"
}
}
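
Review bot: `"test": "pnpm lint"`, as shown in the context lines of this hunk, runs only the linter, so the `__proto__` stripping the README advertises is not exercised by `pnpm test`. Add a test run to that script with a case for the README's own input, `{ "user": { "__proto__": { "isAdmin": true } } }`, expecting `{ user: {} }`. Dropping the embedded `readme` field from the manifest is fine, since it only duplicated README.md.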

@@ -39,24 +39,5 @@ # destr

### Options
`destr` allows the following options as the second argument:
#### `strict`
Default: `false`
If set to `true`, `destr` will throw an error if the input is not a valid JSON string or parsing fails.
```js
// Returns "[foo"
destr('[foo')
// Throws an error
destr('[foo', { strict: true })
```
## Why?
Please note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body.
**Fast fallback to input if is not string:**
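
Review bot: The removed `#### strict` block is the only text in this hunk that states `Default: false`; carry that line into whichever section now documents the option so the default stays written down. The removed "Why?" paragraph is also where the README explained the prototype pollution transform, so check that the explanation survives somewhere a reader evaluating the package will find it.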

@@ -104,7 +85,19 @@

### Strict Mode
If `{ strict: true }` passed as second argument, `destr` will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)
```js
// Returns "[foo"
destr('[foo')
// Throws an error
destr('[foo', { strict: true })
```
## Benchmarks
Locally try with `pnpm benchmark`
Locally try with `pnpm benchmark`. Below are esults on Node.js 18.11.0 with MBA M2.
Results on Node.js 18.11.0 with MBA M2
**Note** `destr` is sometimes little bit slower than `JSON.parse` when parsing a valid JSON string mainly because of transform to avoid [prototype pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body.
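
Review bot: The prototype pollution rationale now sits in a **Note** under `## Benchmarks`, where a reader deciding whether `destr` is safe for untrusted input is unlikely to look; give it its own heading or reference it from the top of the README. The added benchmark line has a typo, "Below are esults", and the Strict Mode parenthetical (non-string values and built-ins returned as-is) deserves its own example line, since it means `{ strict: true }` does not guarantee the input was a JSON string.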

@@ -111,0 +104,0 @@ ```

Sorry, the diff of this file is not supported yet
