Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
json-source-map
Advanced tools
Parse/stringify JSON and provide source-map for JSON-pointers to all nodes
The json-source-map npm package is used to generate a source map for JSON objects. This allows you to track the location of each key and value in the original JSON string, which can be useful for error reporting, debugging, and other tasks that require precise location information.
Generating Source Map
This feature allows you to parse a JSON string and generate a source map that provides the location of each key and value in the original JSON string. The `pointers` object contains the location information.
const jsonSourceMap = require('json-source-map');
const json = '{"key": "value"}';
const { data, pointers } = jsonSourceMap.parse(json);
console.log(pointers);
Retrieving Location Information
This feature allows you to retrieve the location information for a specific key or value in the JSON object. The `pointers` object can be used to access the location of any key or value using a JSON Pointer.
const jsonSourceMap = require('json-source-map');
const json = '{"key": "value"}';
const { data, pointers } = jsonSourceMap.parse(json);
const keyLocation = pointers['/key'];
console.log(keyLocation);
The json-map package provides similar functionality by allowing you to map JSON keys to their locations in the original string. However, it may not be as feature-rich or actively maintained as json-source-map.
The json-pointer package allows you to manipulate and navigate JSON objects using JSON Pointers. While it does not generate source maps, it can be used in conjunction with json-source-map for more advanced JSON manipulation and location tracking.
The jsonpath package provides a way to query JSON objects using JSONPath expressions. It does not generate source maps, but it can be used to locate and extract specific parts of a JSON object, which can complement the functionality of json-source-map.
Parse/stringify JSON and provide source-map for JSON-pointers to all nodes.
NEW: supports BigInt, Maps, Sets and Typed arrays.
npm install json-source-map
When a domain-specific language that compiles to JavaScript uses JSON as a format, this module can be used as a replacement for standard JSON to simplify generation of source maps.
When a form also allows to edit JSON representation of data on the same screen, this module can be used to sinchronise navigation in JSON and in the form.
var jsonMap = require('json-source-map');
var result = jsonMap.stringify({ foo: 'bar' }, null, 2);
console.log('json:');
console.log(result.json);
console.log('\npointers:');
console.log(result.pointers);
output:
json:
{
"foo": "bar"
}
pointers:
{ '':
{ value: { line: 0, column: 0, pos: 0 },
valueEnd: { line: 2, column: 1, pos: 18 } },
'/foo':
{ key: { line: 1, column: 2, pos: 4 },
keyEnd: { line: 1, column: 7, pos: 9 },
value: { line: 1, column: 9, pos: 11 },
valueEnd: { line: 1, column: 14, pos: 16 } } }
var result = jsonMap.parse('{ "foo": "bar" }');
console.log('data:')
console.log(result.data);
console.log('\npointers:');
console.log(result.pointers);
output:
data:
{ foo: 'bar' }
pointers:
{ '':
{ value: { line: 0, column: 0, pos: 0 },
valueEnd: { line: 0, column: 16, pos: 16 } },
'/foo':
{ key: { line: 0, column: 2, pos: 2 },
keyEnd: { line: 0, column: 7, pos: 7 },
value: { line: 0, column: 9, pos: 9 },
valueEnd: { line: 0, column: 14, pos: 14 } } }
Parses JSON string. Returns object with properties:
Mapping object has properties:
Location object has properties (zero-based numbers):
Options:
Whitespace:
pos
(it is possible to slice sections of JSON string using pos
property), but column
counter is reset when r
or n
is encountered,column
but as a single character for pos
.Comparison with the standard JSON.parse
:
reviver
parameter of JSON.parse is not supported, but its position is reserved.bigint: true
).Stringifies JavaScript data. Returns object with properties:
Comparison with the standard JSON.stringify
:
replacer
parameter of JSON.stringify is not supported, but its position is reserved.space
parameter is supported, but if it is a string, it may only contain characters space, tab ('\t'), caret return ('\r') and line feed ('\n') - using any other caracter throws an exception. If this parameter is an object, it is options.Options:
space
parameter.FAQs
Parse/stringify JSON and provide source-map for JSON-pointers to all nodes
The npm package json-source-map receives a total of 276,898 weekly downloads. As such, json-source-map popularity was classified as popular.
We found that json-source-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.