Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
fast-safe-stringify
Advanced tools
The fast-safe-stringify package is designed for safely converting JavaScript objects into JSON strings without running into issues like circular references, which can cause the native JSON.stringify to throw an error. It aims to provide a fast and safe way to serialize objects, including those that may contain circular references, functions, and other non-JSON-safe values.
Safe serialization of circular references
This feature allows you to safely serialize objects that contain circular references, which would otherwise throw an error with JSON.stringify.
const stringify = require('fast-safe-stringify');
const obj = {};
obj.a = { b: obj };
console.log(stringify(obj));
Stable serialization
Provides an option for stable serialization, where the output JSON string's property order is deterministic, making it suitable for hashing, comparisons, etc.
const stringify = require('fast-safe-stringify').stable;
const obj = { c: 8, b: [{z:6,y:5,x:4},7], a: 3 };
console.log(stringify(obj));
Serialization with decycler
Allows custom handling of circular references during serialization, enabling you to replace or transform circular references in the resulting JSON string.
const stringify = require('fast-safe-stringify').stable;
function replaceCircular(key, value, circular) { return circular ? '[Circular]' : value; }
const obj = {};
obj.a = obj;
console.log(stringify(obj, replaceCircular));
Similar to fast-safe-stringify, json-stringify-safe provides a way to safely serialize objects into JSON strings, handling circular references by replacing them with a custom string. It's a bit slower compared to fast-safe-stringify but serves a similar purpose.
Flatted is a package that serializes and deserializes JavaScript objects, including nested and circular references. Unlike fast-safe-stringify, which returns a JSON string, Flatted returns a flattened string representation that can be re-parsed into the original object structure, including circular references.
Safely and quickly serialize JavaScript objects
Detects circular dependencies instead of throwing
(as per usual JSON.stringify
usage)
var safeStringify = require('fast-safe-stringify')
var o = {a: 1}
o.o = o
console.log(safeStringify(o)) // '{"a":1,"o":"[Circular]"}'
console.log(JSON.stringify(o)) //<-- throws
fast-safe-stringify
would not attempt to detect circular dependencies
on objects that have a toJSON
function. If you need to do that, you
will need to attach a toJSON.forceDecirc = true
property, like
so:
var obj = {
toJSON: function () {
// something here..
return { something: 'else' }
}
}
obj.toJSON.forceDecirc = true
The json-stringify-safe module supplies similar functionality with more info and flexibility.
Although not JSON, the core util.inspect
method can be used for similar purposes (e.g. logging) and also handles circular references.
Here we compare fast-safe-stringify
with these alternatives:
inspectBench*10000: 179.608ms
jsonStringifySafeBench*10000: 30.099ms
fastSafeStringifyBench*10000: 19.965ms
inspectCircBench*10000: 220.763ms
jsonStringifyCircSafeBench*10000: 39.115ms
fastSafeStringifyCircBench*10000: 29.444ms
inspectDeepBench*10000: 2231.148ms
jsonStringifySafeDeepBench*10000: 880.177ms
fastSafeStringifyDeepBench*10000: 230.209ms
inspectDeepCircBench*10000: 2221.848ms
jsonStringifySafeDeepCircBench*10000: 922.314ms
fastSafeStringifyDeepCircBench*10000: 236.024ms
Whether you're using fast-safe-stringify
or json-stringify-safe
if your use case consists of deeply nested objects without circular
references the following pattern will give you best results:
var fastSafeStringify = require('fast-safe-stringify')
function tryStringify (obj) {
try { return JSON.stringify(obj) } catch (_) {}
}
var str = tryStringify(deep) || fastSafeStringify(deep)
If you're likely to be handling mostly shallow or one level nested objects, this same pattern will degrade performance - it's entirely dependant on use case.
JSON.stringify's replacer
and space
options are not supported. Any value
other than 0 for space
halves the speed, and providing a replacer function
can result in a segfault. Given that the primary focus of this serializer is
speed, the trade offs for supporting these options are not desirable.
Sponsored by nearForm
MIT
FAQs
Safely and quickly serialize JavaScript objects
We found that fast-safe-stringify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.