New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

json-alexander

Package Overview
Dependencies
Maintainers
1
Versions
18
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

json-alexander - npm Package Compare versions

Comparing version 0.0.3 to 0.0.4

2

package.json
{
"name": "json-alexander",
"version": "0.0.3",
"version": "0.0.4",
"description": "Serenity Now! Safely parse JSON",

@@ -5,0 +5,0 @@ "main": "src/index.js",

19

README.md

@@ -8,3 +8,3 @@ # Friendly JSON Parse

```js
import parseJSON from 'json-alexander'
import { parseJSON } from 'json-alexander'

@@ -40,23 +40,26 @@ /* Normal Valid JSON */

I've run the regex patterns through [vuln-regex-detector](https://github.com/davisjam/vuln-regex-detector) and the patterns used appear to be safe.
I've run the regex patterns through [vuln-regex-detector](https://github.com/davisjam/vuln-regex-detector) & the patterns used appear to be safe. [See tests/regex](./tests/regexTests)
I'm leveraging this in Serverless Functions with max timeouts on requests, so redos is somewhat mitigated. If using in long running server... use at your own risk.
Recommended usage for this package is in serverless functions where max timeouts on requests can be used. This mitigates risk of REDOS.
Use `simple` parser if you want to ignore malformed JSON & disable the mechanism that leverage regex patterns.
If using in long running server... use the default `parseJSON` at your own risk or better yet use `safeParse` if you want to ignore malformed JSON & disable the mechanism that leverage regex patterns.
**Example:**
```js
import { simple as simpleParse } from 'json-alexander'
import { safeParse } from 'json-alexander'
/* Normal Valid JSON */
simpleParse('{"valid": "works"}')
safeParse('{"valid": "works"}')
// -> {"valid": "works"}
/* Javascript objects */
simpleParse({ key: 'val' })
safeParse({ key: 'val' })
// -> { key: 'val' }
/* Malformed JSON */
simpleParse("{'malformed': 'works'}")
safeParse("{'malformed': 'works'}")
// -> null no autofix
```
This code is not vulnerable to possible redos.

10

src/index.js

@@ -1,8 +0,4 @@

const {
isBalanced,
trimQuotes,
isNull
} = require('./utils')
const { isBalanced, trimQuotes, isNull } = require('./utils')
module.exports = function parse(x, defaultValue) {
module.exports.parseJSON = function parseJSON(x, defaultValue) {
const value = (typeof x === 'string') ? coerceStr(x, defaultValue) : coerceToString(x)

@@ -24,3 +20,3 @@ try {

module.exports.simple = function simpleParse(data, defaultValue) {
module.exports.safeParse = function simpleParse(data, defaultValue) {
try {

@@ -27,0 +23,0 @@ if (isNull(data) && defaultValue) {

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc