🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

json-bourne

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

json-bourne

Drop in replacement for JSON that standardizes Array.toJSON and Date.toJSON

1.0.1
latest
Source
npm
Version published
Maintainers
1
Created
Source

json-bourne

js-standard-style

Codeship Status for qubitproducts/json-bourne

Normalizes the JavaScript JSON API against overwritten Array.prototype.toJSON and IE8's unstandardized version of Date.prototype.toJSON.

Advantages over JSON 3

  • Much smaller, only a few lines rather than 4KB
  • Uses native stringify and parse methods
  • Runs much quicker on older browsers

Known issues

  • Does not protect against all monkeypatching
  • Can be slower at stringifying on newer browsers (see Benchmarks)
  • Not compatible with IE7 or below

Installation

$ npm install --save json-bourne

Motivation

JSON Bourne is intended for use in code that you'll execute on websites you don't control. Such websites can break the native JSON.stringify implementation by changing Array.prototype.toJSON, specifically if they use prototype.js version 1.6 or under. JSON Bourne also normalizes Date.prototype.toJSON, correcting the unstandard implementation for IE8. Any changes to prototypes are restored immediately after stringifying.

Usage

JSON Bourne is a drop in replacement for JSON, replicating the standard parse and stringify methods exactly.

var JSON = require('json-bourne')

console.log(JSON.parse('{"bourne": "legacy"}'))
// Logs { bourne: "legacy" }

console.log(JSON.stringify({"bourne": "ultimatum"}))
// Logs { "bourne": "ultimatum" }

Compatibility

Tested on IE8+, Chrome, Firefox, Opera and Safari.

Benchmarks

Want to work on this for your day job?

This project was created by the Engineering team at Qubit. As we use open source libraries, we make our projects public where possible.

We’re currently looking to grow our team, so if you’re a JavaScript engineer and keen on ES2016 React+Redux applications and Node micro services, why not get in touch? Work with like minded engineers in an environment that has fantastic perks, including an annual ski trip, yoga, a competitive foosball league, and copious amounts of yogurt.

Find more details on our Engineering site. Don’t have an up to date CV? Just link us your Github profile! Better yet, send us a pull request that improves this project.

FAQs

Package last updated on 03 Feb 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

CISA Kills Off RSS Feeds for KEVs and Cyber Alerts

Security News

CISA Kills Off RSS Feeds for KEVs and Cyber Alerts

CISA is discontinuing official RSS support for KEV and cybersecurity alerts, shifting updates to email and social media, disrupting automation workflows.

By Sarah Gooding  -  May 12, 2025