Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
The 'json' npm package provides a simple command-line tool for working with JSON data. It allows users to easily manipulate JSON objects, extract specific fields, and format JSON data in a readable way.
Extracting specific fields
This feature allows you to extract specific fields from a JSON file. In this example, it extracts the 'name' field from 'data.json'.
json -f data.json name
Pretty-printing JSON
This feature formats JSON data in a readable way with indentation. The '-i' flag is used to pretty-print the JSON content of 'data.json'.
json -i data.json
Updating JSON data
This feature allows you to update JSON data directly from the command line. The '-I' flag is used to modify the file in place, and the '-e' flag is used to execute the provided JavaScript expression to update the 'name' field.
json -I -f data.json -e 'this.name="newName"'
jq is a lightweight and flexible command-line JSON processor. It allows for complex filtering, transformation, and extraction of JSON data. Compared to 'json', jq offers more advanced querying capabilities and a more powerful syntax for manipulating JSON data.
jsonfile is a simple module for reading and writing JSON files. It provides a straightforward API for interacting with JSON files in a Node.js environment. While 'jsonfile' focuses on file operations, 'json' provides command-line utilities for JSON manipulation.
json2csv is a tool for converting JSON data to CSV format. It is useful for exporting JSON data into a more tabular format that can be used in spreadsheets and databases. Unlike 'json', which focuses on JSON manipulation, json2csv specializes in data format conversion.
json
is a fast CLI tool for working with JSON. It is a single-file node.js
script with no external deps (other than
node.js itself). A quick taste:
$ echo '{"foo":"bar"}' | json
{
"foo": "bar"
}
$ echo '{"foo":"bar"}' | json foo
bar
$ echo '{"fred":{"age":42}}' | json fred.age # '.' for property access
42
$ echo '{"age":10}' | json -e 'this.age++'
{
"age": 11
}
# `json -ga` (g == group, a == array) for streaming mode
$ echo '{"latency":32,"req":"POST /widgets"}
{"latency":10,"req":"GET /ping"}
' | json -gac 'this.latency > 10' req
POST /widgets
Features:
-e
and -c
options)See http://trentm.com/json for full docs and examples as a man page.
Follow @trentmick for updates to json.
Get node.
npm install -g json
Note: This used to be called 'jsontool' in the npm registry, but as of version 8.0.0 it has taken over the 'json' name. See npm Package Name below.
OR manually:
Get the 'json' script and put it on your PATH somewhere (it is a single file with no external dependencies). For example:
cd ~/bin
curl -L https://github.com/trentm/json/raw/master/lib/json.js > json
chmod 755 json
You should now have "json" on your PATH:
$ json --version
json 9.0.0
WARNING for Ubuntu/Debian users: There is a current bug in Debian stable
such that "apt-get install nodejs" installed a nodejs
binary instead of a
node
binary. You'll either need to create a symlink for node
, change the
json
command's shebang line to "#!/usr/bin/env nodejs" or use
chrislea's PPA as
discussed on issue #56. You can also do "apt-get install nodejs-legacy" to install symlink for node
with apt.
make test
You can also limit (somewhat) which tests are run with the TEST_ONLY
envvar,
e.g.:
cd test && TEST_ONLY=executable nodeunit test.js
I test against node 0.4 (less so now), 0.6, 0.8, and 0.10.
MIT (see the fine LICENSE.txt file).
Since v1.3.1 you can use "json" as a node.js module:
var json = require('json');
However, so far the module API isn't that useful and the CLI is the primary focus.
Once upon a time, json
was a different thing (see zpoley's json-command
here), and this module was
called jsontool
in npm. As of version 8.0.0 of this module, npm install json
means this tool.
If you see documentation referring to jsontool
, it is most likely
referring to this module.
9.0.6
npm install -g json
.FAQs
a 'json' command for massaging and processing JSON on the command line
The npm package json receives a total of 133,239 weekly downloads. As such, json popularity was classified as popular.
We found that json demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.