Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
The json5 npm package is a JSON parser and serializer that allows for comments, trailing commas, single quotes, and more. It is designed to be a more user-friendly and flexible version of JSON.
Parsing JSON5 Strings
This feature allows you to parse JSON5 strings into JavaScript objects. It supports comments, single quotes, and additional syntax that is not available in standard JSON.
{"parse": "JSON5.parse('{/*comment*/\"key\": \"value\"}')"}
Stringifying JavaScript Objects
This feature converts JavaScript objects into JSON5 strings. It can include features like trailing commas and unquoted keys, making the output more human-readable.
{"stringify": "JSON5.stringify({key: 'value'}, null, 2)"}
YAML is a human-friendly data serialization standard that can be used as an alternative to JSON. It supports comments, complex data structures, and is often used in configuration files. It is more flexible than JSON5 but uses a different syntax.
TOML is a configuration file format that is easy to read due to its clear semantics. It is similar to JSON5 in that it aims to be more user-friendly, but it has its own syntax and is often used in applications where configuration files are written and maintained by humans.
JSON is strict. Keys need to be quoted; strings can only be double-quoted; objects and arrays can't have trailing commas; and comments aren't allowed.
Using such a strict subset of "JavaScript object notation" was likely for the best at the time, but with modern ECMAScript 5 engines like V8 in Chrome and Node, these limitations are cumbersome.
JSON5 aims to do for JSON what ES5 and HTML5 did for JavaScript and HTML. It also aims to continue being a subset of regular JavaScript — ES5 flavor.
This project is a WIP, so these aren't necessarily all implemented yet, but these are the goals:
Object keys don't need to be quoted if they contain no special characters. Yes, even reserved keywords are valid unquoted keys in ES5.
Strings can be single-quoted.
Strings can be multi-line; just prefix the newline with a backslash.
Objects and arrays can have trailing commas.
Both inline (single-line) and block (multi-line) comments are allowed.
[TODO] Octal and hexadecimal numbers are allowed. [Is this a bad idea?]
{
foo: 'bar',
while: true,
this: 'is a\
multi-line string',
// this is an inline comment
here: 'is another', // inline comment
/* this is a block comment
it continues on another line */
finally: 'a trailing comma',
oh: [
'we shouldn\'t forget',
'arrays can have',
'trailing commas too',
],
}
MIT License. © 2012 Aseem Kishore.
Michael Bolin independently arrived at and published some of these same ideas with awesome explanations and detail. Recommended reading: Suggested Improvements to JSON
Douglas Crockford of course designed and built JSON, but his state machine diagrams on the JSON website, as cheesy as it may sound, gave me motivation and confidence that building a new parser to implement these ideas this was within my reach! This code is also modeled directly off of Doug's open-source json_parse.js parser. I'm super grateful for that clean and well-documented code.
v0.0.0 [code]
Let's consider this to be Douglas Crockford's original [json_parse.js] — a parser for the regular JSON format.
FAQs
JSON for Humans
The npm package json5 receives a total of 60,265,437 weekly downloads. As such, json5 popularity was classified as popular.
We found that json5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.