
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
javascript-stringify
Advanced tools
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
The javascript-stringify npm package is designed to safely serialize JavaScript expressions to a string representation that can be readily parsed by JavaScript engines. This is particularly useful for scenarios where you need to generate code or serialize objects and functions in a way that retains their behavior and structure.
Serialize Objects
This feature allows the serialization of objects into a string format that can be evaluated by JavaScript. Useful for logging or storing configurations.
const stringify = require('javascript-stringify');
const object = { a: 1, b: 'text', c: true };
const stringified = stringify(object);
console.log(stringified);
Serialize Functions
Enables the serialization of functions, preserving the function's structure and content. Ideal for scenarios where functions need to be transmitted or stored and later reconstructed.
const stringify = require('javascript-stringify');
function exampleFunction() {
return 'Hello, World!';
}
const stringified = stringify(exampleFunction);
console.log(stringified);
Custom Serialization
Supports custom serialization options such as limiting the depth of serialization. This is useful for complex objects where deep nesting occurs.
const stringify = require('javascript-stringify');
const object = { a: 1, b: undefined, c: function() {} };
const stringified = stringify(object, null, null, { maxDepth: 3 });
console.log(stringified);
Similar to javascript-stringify, json-stringify-safe handles circular dependencies gracefully when serializing objects to JSON. However, it does not handle functions or provide options for custom serialization depth.
This package offers functionality similar to javascript-stringify by allowing serialization of objects including functions and regex expressions. It provides XSS protection which javascript-stringify does not focus on.
Stringify is to
eval
asJSON.stringify
is toJSON.parse
.
npm install javascript-stringify --save
import { stringify } from "javascript-stringify";
The API is similar JSON.stringify
:
value
The value to convert to a stringreplacer
A function that alters the behavior of the stringification processspace
A string or number that's used to insert white space into the output for readability purposesoptions
undefined
properties instead of restoring as undefined
stringify({}); // "{}"
stringify(true); // "true"
stringify("foo"); // "'foo'"
stringify({ x: 5, y: 6 }); // "{x:5,y:6}"
stringify([1, 2, 3, "string"]); // "[1,2,3,'string']"
stringify({ a: { b: { c: 1 } } }, null, null, { maxDepth: 2 }); // "{a:{b:{}}}"
/**
* Invalid key names are automatically stringified.
*/
stringify({ "some-key": 10 }); // "{'some-key':10}"
/**
* Some object types and values can remain identical.
*/
stringify([/.+/gi, new Number(10), new Date()]); // "[/.+/gi,new Number(10),new Date(1406623295732)]"
/**
* Unknown or circular references are removed.
*/
var obj = { x: 10 };
obj.circular = obj;
stringify(obj); // "{x:10}"
stringify(obj, null, null, { references: true }); // "(function(){var x={x:10};x.circular=x;return x;}())"
/**
* Specify indentation - just like `JSON.stringify`.
*/
stringify({ a: 2 }, null, " "); // "{\n a: 2\n}"
stringify({ uno: 1, dos: 2 }, null, "\t"); // "{\n\tuno: 1,\n\tdos: 2\n}"
/**
* Add custom replacer behaviour - like double quoted strings.
*/
stringify(["test", "string"], function (value, indent, stringify) {
if (typeof value === "string") {
return '"' + value.replace(/"/g, '\\"') + '"';
}
return stringify(value);
});
//=> '["test","string"]'
You can use your own code formatter on the result of javascript-stringify
. Here is an example using eslint:
const { CLIEngine } = require("eslint");
const { stringify } = require("javascript-stringify");
const { APP_ROOT_PATH, ESLINTRC_FILE_PATH } = require("./constants");
const ESLINT_CLI = new CLIEngine({
fix: true,
cwd: APP_ROOT_PATH,
configFile: ESLINTRC_FILE_PATH,
});
module.exports = (objectToStringify) => {
return ESLINT_CLI.executeOnText(stringify(objectToStringify)).results[0]
.output;
};
MIT
FAQs
Stringify is to `eval` as `JSON.stringify` is to `JSON.parse`
The npm package javascript-stringify receives a total of 2,005,673 weekly downloads. As such, javascript-stringify popularity was classified as popular.
We found that javascript-stringify demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.