Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
javascript-stringify
Advanced tools
javascript-stringify
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
What is javascript-stringify?
The javascript-stringify npm package is designed to safely serialize JavaScript expressions to a string representation that can be readily parsed by JavaScript engines. This is particularly useful for scenarios where you need to generate code or serialize objects and functions in a way that retains their behavior and structure.
What are javascript-stringify's main functionalities?
Serialize Objects
This feature allows the serialization of objects into a string format that can be evaluated by JavaScript. Useful for logging or storing configurations.
const stringify = require('javascript-stringify');
const object = { a: 1, b: 'text', c: true };
const stringified = stringify(object);
console.log(stringified);Serialize Functions
Enables the serialization of functions, preserving the function's structure and content. Ideal for scenarios where functions need to be transmitted or stored and later reconstructed.
const stringify = require('javascript-stringify');
function exampleFunction() {
return 'Hello, World!';
}
const stringified = stringify(exampleFunction);
console.log(stringified);Custom Serialization
Supports custom serialization options such as limiting the depth of serialization. This is useful for complex objects where deep nesting occurs.
const stringify = require('javascript-stringify');
const object = { a: 1, b: undefined, c: function() {} };
const stringified = stringify(object, null, null, { maxDepth: 3 });
console.log(stringified);Other packages similar to javascript-stringify
json-stringify-safe
Similar to javascript-stringify, json-stringify-safe handles circular dependencies gracefully when serializing objects to JSON. However, it does not handle functions or provide options for custom serialization depth.
serialize-javascript
This package offers functionality similar to javascript-stringify by allowing serialization of objects including functions and regex expressions. It provides XSS protection which javascript-stringify does not focus on.
JavaScript Stringify
Stringify is to
evalasJSON.stringifyis toJSON.parse.
Installation
npm install javascript-stringify --save
Usage
import { stringify } from "javascript-stringify";
The API is similar JSON.stringify:
valueThe value to convert to a stringreplacerA function that alters the behavior of the stringification processspaceA string or number that's used to insert white space into the output for readability purposesoptions- maxDepth (number, default: 100) The maximum depth of values to stringify
- maxValues (number, default: 100000) The maximum number of values to stringify
- references (boolean, default: false) Restore circular/repeated references in the object (uses IIFE)
- skipUndefinedProperties (boolean, default: false) Omits
undefinedproperties instead of restoring asundefined
Examples
stringify({}); // "{}"
stringify(true); // "true"
stringify("foo"); // "'foo'"
stringify({ x: 5, y: 6 }); // "{x:5,y:6}"
stringify([1, 2, 3, "string"]); // "[1,2,3,'string']"
stringify({ a: { b: { c: 1 } } }, null, null, { maxDepth: 2 }); // "{a:{b:{}}}"
/**
* Invalid key names are automatically stringified.
*/
stringify({ "some-key": 10 }); // "{'some-key':10}"
/**
* Some object types and values can remain identical.
*/
stringify([/.+/gi, new Number(10), new Date()]); // "[/.+/gi,new Number(10),new Date(1406623295732)]"
/**
* Unknown or circular references are removed.
*/
var obj = { x: 10 };
obj.circular = obj;
stringify(obj); // "{x:10}"
stringify(obj, null, null, { references: true }); // "(function(){var x={x:10};x.circular=x;return x;}())"
/**
* Specify indentation - just like `JSON.stringify`.
*/
stringify({ a: 2 }, null, " "); // "{\n a: 2\n}"
stringify({ uno: 1, dos: 2 }, null, "\t"); // "{\n\tuno: 1,\n\tdos: 2\n}"
/**
* Add custom replacer behaviour - like double quoted strings.
*/
stringify(["test", "string"], function (value, indent, stringify) {
if (typeof value === "string") {
return '"' + value.replace(/"/g, '\\"') + '"';
}
return stringify(value);
});
//=> '["test","string"]'
Formatting
You can use your own code formatter on the result of javascript-stringify. Here is an example using eslint:
const { CLIEngine } = require("eslint");
const { stringify } = require("javascript-stringify");
const { APP_ROOT_PATH, ESLINTRC_FILE_PATH } = require("./constants");
const ESLINT_CLI = new CLIEngine({
fix: true,
cwd: APP_ROOT_PATH,
configFile: ESLINTRC_FILE_PATH,
});
module.exports = (objectToStringify) => {
return ESLINT_CLI.executeOnText(stringify(objectToStringify)).results[0]
.output;
};
License
MIT
FAQs
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
The npm package javascript-stringify receives a total of 2,005,673 weekly downloads. As such, javascript-stringify popularity was classified as popular.
We found that javascript-stringify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 14 Apr 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025