Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
json-parse-even-better-errors
Advanced tools
What is json-parse-even-better-errors?
The json-parse-even-better-errors package is an npm package that provides an improved JSON.parse function. It offers better error messages than the default JSON.parse, making it easier to debug issues with JSON data. It can pinpoint the exact location and cause of the error in the JSON string.
What are json-parse-even-better-errors's main functionalities?
Improved error messages
This feature enhances the error messages provided by JSON.parse. In the code sample, if the JSON is invalid, it will throw an error with a message that includes the position and reason for the failure, making it easier to identify and fix the issue.
const parseJSON = require('json-parse-even-better-errors');
try {
const obj = parseJSON('{"foo": "bar", "baz": }');
} catch (e) {
console.error(e.message);
}Other packages similar to json-parse-even-better-errors
fast-json-parse
This package offers a safe way to parse JSON strings without try-catch blocks. It returns an object with an error and value property. It is similar to json-parse-even-better-errors in providing a safer JSON parsing experience but does not focus on detailed error messages.
secure-json-parse
Secure-json-parse provides safe parsing of JSON strings, protecting against prototype pollution attacks. It is similar to json-parse-even-better-errors in that it enhances the JSON parsing process, but it focuses on security rather than error message clarity.
parse-json
Parse-json is another JSON parsing library that provides more informative error messages with a clear indication of where the parsing failed. It is similar to json-parse-even-better-errors in its goal to provide better error messages, but it may differ in implementation and the exact output of the errors.
json-parse-even-better-errors
json-parse-even-better-errors
is a Node.js library for getting nicer errors out of JSON.parse(),
including context and position of the parse errors.
It also preserves the newline and indentation styles of the JSON data, by
putting them in the object or array in the Symbol.for('indent') and
Symbol.for('newline') properties.
Install
$ npm install --save json-parse-even-better-errors
Table of Contents
Example
const parseJson = require('json-parse-even-better-errors')
parseJson('"foo"') // returns the string 'foo'
parseJson('garbage') // more useful error message
parseJson.noExceptions('garbage') // returns undefined
Features
- Like JSON.parse, but the errors are better.
- Strips a leading byte-order-mark that you sometimes get reading files.
- Has a
noExceptionsmethod that returns undefined rather than throwing. - Attaches the newline character(s) used to the
Symbol.for('newline')property on objects and arrays. - Attaches the indentation character(s) used to the
Symbol.for('indent')property on objects and arrays.
Indentation
To preserve indentation when the file is saved back to disk, use
data[Symbol.for('indent')] as the third argument to JSON.stringify, and
if you want to preserve windows \r\n newlines, replace the \n chars in
the string with data[Symbol.for('newline')].
For example:
const txt = await readFile('./package.json', 'utf8')
const data = parseJsonEvenBetterErrors(txt)
const indent = Symbol.for('indent')
const newline = Symbol.for('newline')
// .. do some stuff to the data ..
const string = JSON.stringify(data, null, data[indent]) + '\n'
const eolFixed = data[newline] === '\n' ? string
: string.replace(/\n/g, data[newline])
await writeFile('./package.json', eolFixed)
Indentation is determined by looking at the whitespace between the initial
{ and [ and the character that follows it. If you have lots of weird
inconsistent indentation, then it won't track that or give you any way to
preserve it. Whether this is a bug or a feature is debatable ;)
API
parse(txt, reviver = null, context = 20)
Works just like JSON.parse, but will include a bit more information when
an error happens, and attaches a Symbol.for('indent') and
Symbol.for('newline') on objects and arrays. This throws a
JSONParseError.
parse.noExceptions(txt, reviver = null)
Works just like JSON.parse, but will return undefined rather than
throwing an error.
class JSONParseError(er, text, context = 20, caller = null)
Extends the JavaScript SyntaxError class to parse the message and provide
better metadata.
Pass in the error thrown by the built-in JSON.parse, and the text being
parsed, and it'll parse out the bits needed to be helpful.
context defaults to 20.
Set a caller function to trim internal implementation details out of the
stack trace. When calling parseJson, this is set to the parseJson
function. If not set, then the constructor defaults to itself, so the
stack trace will point to the spot where you call new JSONParseError.
4.0.0 (2024-09-03)
⚠️ BREAKING CHANGES
json-parse-even-better-errorsnow supports node^18.17.0 || >=20.5.0
Bug Fixes
Chores
FAQs
JSON.parse with context information on error
The npm package json-parse-even-better-errors receives a total of 41,068,325 weekly downloads. As such, json-parse-even-better-errors popularity was classified as popular.
We found that json-parse-even-better-errors demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 04 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025
Security News
AI Slop Is Polluting Bug Bounty Platforms with Fake Vulnerability Reports
AI-generated slop reports are making bug bounty triage harder, wasting maintainer time, and straining trust in vulnerability disclosure programs.
By Sarah Gooding - May 06, 2025