Research
Security News
The Growing Risk of Malicious Browser Extensions
Socket researchers uncover how browser extensions in trusted stores are used to hijack sessions, redirect traffic, and manipulate user behavior.
By Kush Pandya - Jun 13, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
javascript-stringify
Advanced tools
javascript-stringify
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
What is javascript-stringify?
The javascript-stringify npm package is designed to safely serialize JavaScript expressions to a string representation that can be readily parsed by JavaScript engines. This is particularly useful for scenarios where you need to generate code or serialize objects and functions in a way that retains their behavior and structure.
What are javascript-stringify's main functionalities?
Serialize Objects
This feature allows the serialization of objects into a string format that can be evaluated by JavaScript. Useful for logging or storing configurations.
const stringify = require('javascript-stringify');
const object = { a: 1, b: 'text', c: true };
const stringified = stringify(object);
console.log(stringified);Serialize Functions
Enables the serialization of functions, preserving the function's structure and content. Ideal for scenarios where functions need to be transmitted or stored and later reconstructed.
const stringify = require('javascript-stringify');
function exampleFunction() {
return 'Hello, World!';
}
const stringified = stringify(exampleFunction);
console.log(stringified);Custom Serialization
Supports custom serialization options such as limiting the depth of serialization. This is useful for complex objects where deep nesting occurs.
const stringify = require('javascript-stringify');
const object = { a: 1, b: undefined, c: function() {} };
const stringified = stringify(object, null, null, { maxDepth: 3 });
console.log(stringified);Other packages similar to javascript-stringify
json-stringify-safe
Similar to javascript-stringify, json-stringify-safe handles circular dependencies gracefully when serializing objects to JSON. However, it does not handle functions or provide options for custom serialization depth.
serialize-javascript
This package offers functionality similar to javascript-stringify by allowing serialization of objects including functions and regex expressions. It provides XSS protection which javascript-stringify does not focus on.
JavaScript Stringify
Stringify is to
evalasJSON.stringifyis toJSON.parse.
Installation
npm install javascript-stringify --save
Usage
import { stringify } from "javascript-stringify";
The API is similar JSON.stringify:
valueThe value to convert to a stringreplacerA function that alters the behavior of the stringification processspaceA string or number that's used to insert white space into the output for readability purposesoptions- maxDepth (number, default: 100) The maximum depth of values to stringify
- maxValues (number, default: 100000) The maximum number of values to stringify
- references (boolean, default: false) Restore circular/repeated references in the object (uses IIFE)
- skipUndefinedProperties (boolean, default: false) Omits
undefinedproperties instead of restoring asundefined
Examples
stringify({}); // "{}"
stringify(true); // "true"
stringify("foo"); // "'foo'"
stringify({ x: 5, y: 6 }); // "{x:5,y:6}"
stringify([1, 2, 3, "string"]); // "[1,2,3,'string']"
stringify({ a: { b: { c: 1 } } }, null, null, { maxDepth: 2 }); // "{a:{b:{}}}"
/**
* Invalid key names are automatically stringified.
*/
stringify({ "some-key": 10 }); // "{'some-key':10}"
/**
* Some object types and values can remain identical.
*/
stringify([/.+/gi, new Number(10), new Date()]); // "[/.+/gi,new Number(10),new Date(1406623295732)]"
/**
* Unknown or circular references are removed.
*/
var obj = { x: 10 };
obj.circular = obj;
stringify(obj); // "{x:10}"
stringify(obj, null, null, { references: true }); // "(function(){var x={x:10};x.circular=x;return x;}())"
/**
* Specify indentation - just like `JSON.stringify`.
*/
stringify({ a: 2 }, null, " "); // "{\n a: 2\n}"
stringify({ uno: 1, dos: 2 }, null, "\t"); // "{\n\tuno: 1,\n\tdos: 2\n}"
/**
* Add custom replacer behaviour - like double quoted strings.
*/
stringify(["test", "string"], function (value, indent, stringify) {
if (typeof value === "string") {
return '"' + value.replace(/"/g, '\\"') + '"';
}
return stringify(value);
});
//=> '["test","string"]'
Formatting
You can use your own code formatter on the result of javascript-stringify. Here is an example using eslint:
const { CLIEngine } = require("eslint");
const { stringify } = require("javascript-stringify");
const { APP_ROOT_PATH, ESLINTRC_FILE_PATH } = require("./constants");
const ESLINT_CLI = new CLIEngine({
fix: true,
cwd: APP_ROOT_PATH,
configFile: ESLINTRC_FILE_PATH,
});
module.exports = (objectToStringify) => {
return ESLINT_CLI.executeOnText(stringify(objectToStringify)).results[0]
.output;
};
License
MIT
FAQs
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
The npm package javascript-stringify receives a total of 1,873,622 weekly downloads. As such, javascript-stringify popularity was classified as popular.
We found that javascript-stringify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Apr 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
2025 Blockchain and Cryptocurrency Threat Report: Malware in the Open Source Supply Chain
An in-depth analysis of credential stealers, crypto drainers, cryptojackers, and clipboard hijackers abusing open source package registries to compromise Web3 development environments.
By Kirill Boychenko - Jun 12, 2025
Security News
pnpm 10.12 Introduces Global Virtual Store and Expanded Version Catalogs
pnpm 10.12.1 introduces a global virtual store for faster installs and new options for managing dependencies with version catalogs.
By Sarah Gooding - Jun 11, 2025