Security News
New Python Packaging Proposal Aims to Solve Phantom Dependency Problem with SBOMs
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
[![npm stat](https://img.shields.io/npm/dm/groq-js.svg?style=flat-square)](https://npm-stat.com/charts.html?package=groq-js) [![npm version](https://img.shields.io/npm/v/groq-js.svg?style=flat-square)](https://www.npmjs.com/package/groq-js) [![gzip size][
The groq-js package is a JavaScript implementation of GROQ (Graph-Relational Object Queries), a query language designed for querying JSON documents. It allows you to perform complex queries on JSON data structures, making it particularly useful for applications that need to filter, sort, and transform JSON data.
Basic Querying
This feature allows you to perform basic queries on JSON data. In this example, the query fetches all objects of type 'person' from the data.
const groq = require('groq-js');
const data = { "name": "John", "age": 30 };
const query = '*[_type == "person"]';
const result = groq.evaluate(query, data);
console.log(result);
Filtering
This feature allows you to filter JSON data based on specific conditions. In this example, the query fetches all objects where the age is greater than 25.
const groq = require('groq-js');
const data = [
{ "name": "John", "age": 30 },
{ "name": "Jane", "age": 25 }
];
const query = '*[age > 25]';
const result = groq.evaluate(query, data);
console.log(result);
Projection
This feature allows you to project specific fields from JSON data. In this example, the query fetches only the 'name' and 'city' fields from the data.
const groq = require('groq-js');
const data = { "name": "John", "age": 30, "address": { "city": "New York" } };
const query = '{ name, address.city }';
const result = groq.evaluate(query, data);
console.log(result);
Sorting
This feature allows you to sort JSON data based on specific fields. In this example, the query sorts the objects by age in descending order.
const groq = require('groq-js');
const data = [
{ "name": "John", "age": 30 },
{ "name": "Jane", "age": 25 }
];
const query = '* | order(age desc)';
const result = groq.evaluate(query, data);
console.log(result);
The json-query package allows you to query JSON data using a simple query language. It is similar to groq-js in that it provides filtering, sorting, and projection capabilities, but it uses a different syntax and may not support all the advanced features of GROQ.
The jmespath package is a query language for JSON, similar to groq-js. It allows you to search, filter, and transform JSON data. JMESPath is known for its powerful and flexible query capabilities, but it has a different syntax compared to GROQ.
The jsonpath package provides a way to query JSON data using a path-based syntax. It is similar to groq-js in that it allows for complex queries, but it uses a different approach and syntax. JSONPath is widely used and has a strong community support.
GROQ-JS is a JavaScript implementation of GROQ which follows the official specification.
import {parse, evaluate} from 'groq-js'
let input = '*[_type == "user"]{name}'
// Returns an ESTree-inspired syntax tree
let tree = parse(input)
let dataset = [
{_type: 'user', name: 'Michael'},
{_type: 'company', name: 'Bluth Company'},
]
// Evaluate a tree against a dataset
let value = await evaluate(tree, {dataset})
// Gather everything into one JavaScript object
let result = await value.get()
console.log(result)
Table of contents:
npm i groq-js
yarn add groq-js
pnpm install groq-js
See API.md for the public API.
The GROQ spec version is independent of the groq-js library version. When you import groq-js you need to be explicit on which GROQ version you want to use. The GROQ version is tied to the groq-spec. This allows us to update the library and its API independent of the GROQ version.
GROQ-JS follows SemVer. See the changelog for recent changes. This is an "experimental" release and anything may change at any time, but we're trying to keep changes as minimal as possible:
Run the "CI & Release" workflow. Make sure to select the main branch and check "Release new version".
Version will be automatically bumped based on conventional commits since the last release.
Semantic release will only release on configured branches, so it is safe to run release on any branch.
Note: commits with chore:
will be ignored. If you want updated dependencies to trigger
a new version, use fix(deps):
instead.
MIT © Sanity.io
Tests are written in Jest:
# Install dependencies
npm i
# Run tests
npm test
You can also generate tests from the official GROQ test suite:
# Fetch and generate test file:
./test/generate.sh
# Run tests as usual:
npm test
You can generate tests from a specific version:
GROQTEST_SUITE_VERSION=v0.1.33 ./test/generate.sh
or from a file (as generated by the test suite):
GROQTEST_SUITE=suite.ndjson ./test/generate.sh
The test arguments are passed to tap
, so you can use arguments, e.g. to run a specific set of tests:
npm test -g "array::join"
FAQs
[![npm stat](https://img.shields.io/npm/dm/groq-js.svg?style=flat-square)](https://npm-stat.com/charts.html?package=groq-js) [![npm version](https://img.shields.io/npm/v/groq-js.svg?style=flat-square)](https://www.npmjs.com/package/groq-js) [![gzip size][
The npm package groq-js receives a total of 60,409 weekly downloads. As such, groq-js popularity was classified as popular.
We found that groq-js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
PEP 770 proposes adding SBOM support to Python packages to improve transparency and catch hidden non-Python dependencies that security tools often miss.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.