Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
json-stable-stringify
deterministic JSON.stringify() with custom sorting to get deterministic hashes from stringified results
The json-stable-stringify npm package is used to convert a JavaScript object into a JSON string with a deterministic order of keys. This is particularly useful when you want to ensure that the string output is consistent for the same structural data, which is important for tasks like creating cryptographic hashes, caching, or simply when you need a stable serialization of JSON that you can compare.
Deterministic JSON.stringify
This feature allows you to serialize a JavaScript object into a JSON string with a consistent ordering of keys. This is useful when you need to compare JSON strings for equality or when you need to generate a hash from a JSON string and require that the string be the same for the same data.
Custom comparator
json-stable-stringify allows you to provide a custom comparison function to determine the order of keys. This is useful when you have specific requirements for the order of keys beyond simple alphabetical sorting.
Space argument for pretty-printing
The package also supports the 'space' argument like JSON.stringify, which allows you to pretty-print the output with indentation for better readability.
This package offers similar functionality to json-stable-stringify but focuses on performance. It claims to be the fastest stable JSON.stringify available.
Similar to fast-json-stable-stringify, this package also aims to provide fast and stable JSON stringification. It compares to json-stable-stringify by offering a different balance of speed and features.
deterministic version of JSON.stringify() so you can get a consistent hash from stringified results
You can also pass in a custom comparison function.
const stringify = require('json-stable-stringify');
const obj = { c: 8, b: [{ z: 6, y: 5, x: 4 }, 7], a: 3 };
console.log(stringify(obj));
output:
{"a":3,"b":[{"x":4,"y":5,"z":6},7],"c":8}
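The "consistent hash" use case above, as an added example that is not from the package's README or source: an HMAC over a JSON payload verifies only if sender and receiver serialize the same bytes, which plain JSON.stringify does not guarantee once key insertion order differs. The `stableStringify` helper is a simplified stand-in for the package (assumed here so the block runs without installing anything), and the key and payloads are constructed sample data.

```javascript
// Added example: not from the json-stable-stringify README or source.
const crypto = require('crypto');

// Hypothetical, simplified stand-in for stringify(obj): recursively sorts
// object keys. It ignores opts.cmp, opts.space, opts.replacer and toJSON.
function stableStringify(value) {
  if (Array.isArray(value)) {
    // Like JSON.stringify, undefined array slots serialize as null.
    return '[' + value.map((v) => stableStringify(v) ?? 'null').join(',') + ']';
  }
  if (value !== null && typeof value === 'object') {
    const parts = [];
    for (const key of Object.keys(value).sort()) {
      const s = stableStringify(value[key]);
      if (s !== undefined) parts.push(JSON.stringify(key) + ':' + s);
    }
    return '{' + parts.join(',') + '}';
  }
  return JSON.stringify(value); // primitives; undefined/functions give undefined
}

function mac(key, text) {
  return crypto.createHmac('sha256', key).update(text, 'utf8').digest();
}

// Recompute the tag over the serialized payload and compare in constant time.
function verify(key, payload, tag, serialize) {
  const expected = mac(key, serialize(payload));
  return tag.length === expected.length && crypto.timingSafeEqual(tag, expected);
}

// Constructed sample data: same content, different key insertion order,
// as happens when a receiver rebuilds an object from parsed fields.
const key = Buffer.from('constructed-demo-key');
const sent = { user: 'alice', scope: ['read', 'write'], exp: 1700000000 };
const rebuilt = { exp: 1700000000, scope: ['read', 'write'], user: 'alice' };
const tampered = { ...rebuilt, scope: ['admin'] };

const results = {
  // Same data, but JSON.stringify follows insertion order, so the tag mismatches.
  plain: verify(key, rebuilt, mac(key, JSON.stringify(sent)), JSON.stringify),
  // Sorted keys give identical bytes on both sides, so the tag verifies.
  stable: verify(key, rebuilt, mac(key, stableStringify(sent)), stableStringify),
  // A changed value still fails: ordering is normalized, content is not.
  tampered: verify(key, tampered, mac(key, stableStringify(sent)), stableStringify),
};
console.log(results);
```

When the real package is used with opts.cmp, both sides must use the same comparator, because the comparator determines the bytes that get hashed.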
const stringify = require('json-stable-stringify')
Return a deterministic stringified string str from the object obj.
If opts is given, you can supply an opts.cmp to have a custom comparison function for object keys. Your function opts.cmp is called with these parameters:
opts.cmp({ key: akey, value: avalue }, { key: bkey, value: bvalue }, { get(key): value })
For example, to sort on the object key names in reverse order you could write:
const stringify = require('json-stable-stringify');
const obj = { c: 8, b: [{ z: 6, y: 5, x: 4 },7], a: 3 };
const s = stringify(obj, function (a, b) {
    return b.key.localeCompare(a.key);
});
console.log(s);
which results in the output string:
{"c":8,"b":[{"z":6,"y":5,"x":4},7],"a":3}
Or if you wanted to sort on the object values in reverse order, you could write:
const stringify = require('json-stable-stringify');
const obj = { d: 6, c: 5, b: [{ z: 3, y: 2, x: 1 }, 9], a: 10 };
const s = stringify(obj, function (a, b) {
    return a.value < b.value ? 1 : -1;
});
console.log(s);
which outputs:
{"d":6,"c":5,"b":[{"z":3,"y":2,"x":1},9],"a":10}
An additional param get(key) returns the value of the key from the object being currently compared.
If you specify opts.space, it will indent the output for pretty-printing. Valid values are strings (e.g. {space: \t}) or a number of spaces ({space: 3}).
For example:
const stringify = require('json-stable-stringify');
const obj = { b: 1, a: { foo: 'bar', and: [1, 2, 3] } };
const s = stringify(obj, { space: ' ' });
console.log(s);
which outputs:
{
 "a": {
  "and": [
   1,
   2,
   3
  ],
  "foo": "bar"
 },
 "b": 1
}
The replacer parameter is a function opts.replacer(key, value) that behaves the same as the replacer from the core JSON object.
With npm do:
npm install json-stable-stringify
MIT
FAQs
The npm package json-stable-stringify receives a total of 5,163,195 weekly downloads. As such, json-stable-stringify is classified as popular.
We found that json-stable-stringify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.