Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
The json5 npm package is a JSON parser and serializer that allows for comments, trailing commas, single quotes, and more. It is designed to be a more user-friendly and flexible version of JSON.
Parsing JSON5 Strings
This feature allows you to parse JSON5 strings into JavaScript objects. It supports comments, single quotes, and additional syntax that is not available in standard JSON.
{"parse": "JSON5.parse('{/*comment*/\"key\": \"value\"}')"}
Stringifying JavaScript Objects
This feature converts JavaScript objects into JSON5 strings. It can include features like trailing commas and unquoted keys, making the output more human-readable.
{"stringify": "JSON5.stringify({key: 'value'}, null, 2)"}
YAML is a human-friendly data serialization standard that can be used as an alternative to JSON. It supports comments, complex data structures, and is often used in configuration files. It is more flexible than JSON5 but uses a different syntax.
TOML is a configuration file format that is easy to read due to its clear semantics. It is similar to JSON5 in that it aims to be more user-friendly, but it has its own syntax and is often used in applications where configuration files are written and maintained by humans.
JSON isn't the friendliest to write and maintain by hand. Keys need to be quoted; objects and arrays can't have trailing commas; comments aren't supported — even though none of these is the case with regular JavaScript today.
Restricting JSON to such a strict subset of "JavaScript object notation" made sense for making it a great data-exchange format, but JSON's usage has expanded beyond machine-to-machine communication.
JSON5 is a proposed extension to JSON that brings ES5 enhancements to its syntax. It remains a strict subset of JavaScript, adds no new data types, and is a strict superset of existing JSON.
JSON5 is not an official successor to JSON, and existing JSON parsers may not
understand these new features. It's thus recommended that files use a new
extension like .json5
to be explicit. [TODO: New MIME type too?]
This module provides a JavaScript implementation that works on all modern JS engines (even IE6). Its parser is based directly off of Douglas Crockford's eval-free json_parse.js, making it both secure and robust. Give it a try!
These are the new features of JSON5's syntax. All of these are optional, and all of these are part of ES5 JavaScript.
Object keys don't need to be quoted if they're valid identifiers. Yes, even reserved keywords are valid unquoted keys in ES5 [§11.1.5, §7.6]. [TODO: Unicode characters and escape sequences aren't yet supported in this implementation.]
Strings can be single-quoted.
Strings can be split across multiple lines; just prefix each newline with a backslash. [ES5 §7.8.4]
Objects and arrays can have trailing commas.
Both inline (single-line) and block (multi-line) comments are allowed.
Numbers can be hexadecimal (base 16), and they can also begin with a leading
decimal (e.g. .5
).
{
foo: 'bar',
while: true,
this: 'is a\
multi-line string',
// this is an inline comment
here: 'is another', // inline comment
/* this is a block comment
that continues on another line */
hex: 0xDEADbeef,
half: .5,
finally: 'a trailing comma',
oh: [
"we shouldn't forget",
'arrays can have',
'trailing commas too',
],
}
Via npm on Node:
npm install json5
var JSON5 = require('json5');
Or in the browser (adds the JSON5
object to the global namespace):
<script src="json5.js"></script>
var obj = JSON5.parse('{unquoted:"key",trailing:"comma",}');
var str = JSON5.stringify(obj);
console.log(obj);
console.log(str);
JSON5.stringify()
is currently aliased to the native JSON.stringify()
in
order for the output to be fully compatible with all JSON parsers today.
If you're running Node, you can also register a JSON5 require()
hook to let
you require()
.json5
files just like you can .json
files:
require('json5/lib/require');
require('./path/to/foo'); // tries foo.json5 after foo.js, foo.json, etc.
require('./path/to/bar.json5');
This module also provides a json5
executable (requires Node) for converting
JSON5 files to sibling JSON files:
$ json5 -c path/to/foo.json5 # generates path/to/foo.json
git clone git://github.com/aseemk/json5.git
cd json5
make
make test
If your system doesn't have Make, this should work in place of make [test]
:
./lib/cli.js -c package.json5
npm install
npm test
Make is used to auto-generate the package.json file that npm requires from our
package.json5 file. Just re-run make
(or ./lib/cli.js -c package.json5
) on
changes to package.json5.
Feel free to file issues and submit pull requests — contributions are welcome.
If you submit a pull request, please be sure to add or update corresponding
test cases, and ensure that make test
(or npm test
) continues to pass.
MIT License. © 2012 Aseem Kishore, and others.
Michael Bolin independently arrived at and published some of these same ideas with awesome explanations and detail. Recommended reading: Suggested Improvements to JSON
Douglas Crockford of course designed and built JSON, but his state machine diagrams on the JSON website, as cheesy as it may sound, gave me motivation and confidence that building a new parser to implement these ideas this was within my reach! This code is also modeled directly off of Doug's open-source json_parse.js parser. I'm super grateful for that clean and well-documented code.
Max Nanasy has been an early and prolific supporter, contributing multiple patches and ideas. Thanks Max!
v0.1.0 [[code][c0.1.0], [diff][d0.1.0]]
This release tightens JSON5 support and adds helpful utility features:
New: Support hexadecimal numbers. (Thanks [@MaxNanasy].)
Fix: Reject octal numbers properly now. Previously, they were accepted but improperly parsed as base-10 numbers. (Thanks [@MaxNanasy].)
Breaking: Reject "noctal" numbers now (base-10 numbers that begin with a leading zero). These are disallowed by both JSON5 and JSON, as well as by ES5's strict mode. (Thanks [@MaxNanasy].)
New: Support leading decimal points in decimal numbers. (Thanks [@MaxNanasy].)
Breaking: Reject trailing decimal points in decimal numbers now. These are disallowed by both JSON5 and JSON. (Thanks [@MaxNanasy].)
Breaking: Reject omitted elements in arrays now. These are disallowed by both JSON5 and JSON.
Fix: Throw proper SyntaxError
instances on errors now.
New: Add Node.js require()
hook. Register via json5/lib/require
.
New: Add Node.js json5
executable to compile JSON5 files to JSON.
FAQs
JSON for Humans
The npm package json5 receives a total of 60,265,437 weekly downloads. As such, json5 popularity was classified as popular.
We found that json5 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.