
Security News
Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.
jsonc-effect
Advanced tools
Pure Effect JSONC (JSON with Comments) parser with no external parser dependencies. Scanner, parser, AST, and formatting are all implemented natively.
effect is the sole runtime dependencyunknown (not any) and Option (not undefined)npm install jsonc-effect effect
import { parse } from "jsonc-effect"
import { Effect } from "effect"
const result = Effect.runSync(
parse('{ "key": 42, /* comment */ }')
)
// => { key: 42 }
Semantically compare two JSONC documents:
import { equals } from "jsonc-effect"
import { Effect } from "effect"
// Semantically equal despite different formatting, comments, and key order
const same = Effect.runSync(
equals(
'{ "foo": 1, "bar": 2 }',
'{ "bar": 2, /* comment */ "foo": 1 }'
)
)
// => true
If you just need to parse JSONC into a JavaScript object, use jsonc-parser or Bun's native JSONC support. They are faster and have no dependencies.
This library is for Effect-based programs that need deeper introspection and editing of JSONC documents: typed parse errors you can catchTag, Schema pipelines that validate JSONC strings into domain types, AST navigation, document modification and SAX-style visitor streams that are composable in Effect pipelines.
For API reference, advanced usage, and examples, see docs.
FAQs
Pure Effect-TS implementation of a JSONC (JSON with Comments) parser
The npm package jsonc-effect receives a total of 668 weekly downloads. As such, jsonc-effect popularity was classified as not popular.
We found that jsonc-effect demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
Multiple high-impact npm maintainers confirm they have been targeted in the same social engineering campaign that compromised Axios.

Security News
Axios compromise traced to social engineering, showing how attacks on maintainers can bypass controls and expose the broader software supply chain.

Security News
Node.js has paused its bug bounty program after funding ended, removing payouts for vulnerability reports but keeping its security process unchanged.