Security News
The Hidden Blast Radius of the Axios Compromise
The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.
By Ahmad Nassri - Apr 01, 2026
New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details → →
firebase-json
Advanced tools
firebase-json
Parser for Firebase rules JSON files.
It supersedes RFC 7159 with those additions:
- support multi line ("/* [...] */") and single line ("// [...]") comments;
- support multi line strings (without escaping the line feed);
- disallow duplicate keys in objects;
- and allow trailing commas in objects and array.
Example
To parse Firebase rules:
const json = require('firebase-json');
const fs = require('js');
const rules = json.parse(fs.readFileSync('./rules.json', 'utf8'));
console.log(rules);
Motivation
This is primarily used to load rules for targaryen test.
The alternatives are:
- To strip the comment with strip-json-comments and to not use multi line string.
- To write the rules in json5 and compile them before testing them in targaryen or upload them (json5 rules using multi line string won't be compatible with Firebase format).
- To write the rules in Firebase's bolt and compile the rules before testing them with targaryen; for deployment, firebase-tools support bolt rules.
Those solutions might limit or disrupt your current work flow or deployment. Parsing the rule might also allow us later to map a rule syntax or evaluation error to a specific place in the JSON file similarly to Firebase simulator.
Installation
npm install firebase-json
API
-
parse(json: rules): anyParse the firebase-json encoded string.
-
load(filePath: string, options: void|string|object): Promise<any,Error>Read the file and parse its firebase-json encoded content.
-
loadSync(filePath: string, options: void|string|object): anyRead the file synchronously and parse its firebase-json encoded content.
-
ast(json: rules): {type: string, expression: object, loc: object}Parse the firebase-json encoded string into an to intermediary AST. It uses the ESTree AST schema and returns an "ExpressionStatement" node.
Tests
git clone git@github.com:dinoboff/firebase-json.git
cd firebase-json
npm i
npm test
Contributors
Firebase-json is maintained by Damien Lebrun.
The parser is generated by David Majda's Pegjs. The firebase-json grammar definition is based on Pegjs JSON grammar example.
License
MIT License
Copyright (c) 2017 Damien Lebrun
FAQs
Parser for JSON based Firebase rules files
The npm package firebase-json receives a total of 2,774 weekly downloads. As such, firebase-json popularity was classified as popular.
We found that firebase-json demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 25 Jun 2017
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Supply Chain Attack on Axios Pulls Malicious Dependency from npm
A supply chain attack on Axios introduced a malicious dependency, plain-crypto-js@4.2.1, published minutes earlier and absent from the project’s GitHub releases.
By Socket Research Team - Mar 31, 2026
Research
TeamPCP Compromises Telnyx Python SDK to Deliver Credential-Stealing Malware
Malicious versions of the Telnyx Python SDK on PyPI delivered credential-stealing malware via a multi-stage supply chain attack.
By Socket Research Team - Mar 27, 2026