Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
A JSON parser that can parse "bad" JSON. Mostly, this is about avoiding the need to quote everything!
Strict JSON requires you to do this:
{ "foo":"bar", "red":1 }
The JavaScript language itself is a little easier:
{ foo:"bar", red:1, }
But if you really want to be lazy, jsonic lets you say:
foo:bar, red:1,
See below for the relaxed JSON rules.
This module is used by the Seneca framework to provide an abbreviated command syntax.
If you're using this module, feel free to contact me on twitter if you have any questions! :) @rjrodger
Current Version: 0.1.2
Tested on: node 0.10.35, Chrome 40
var jsonic = require('jsonic')
// parse a string into a JavaScript object
var obj = jsonic('foo:1, bar:zed')
// prints { foo: '1', bar: 'zed' }
console.dir( obj )
npm install jsonic
JSONIC format is just standard JSON, with a few rule relaxations:
{ foo:"bar baz", red:255 }
foo:"bar baz", red:255
foo:bar baz, red:255
icky:",}_"
Jules:'Cry "Havoc," and let slip the dogs of war!'
foo:bar, red:255,
The parser uses PEG.js and is an extension of the example JSON parser included in that project.
You'll need:
sudo npm install phantomjs@1.9.1-0 uglify-js -g
FAQs
A dynamic JSON parser that isn't strict and can be customized.
The npm package jsonic receives a total of 20,065 weekly downloads. As such, jsonic popularity was classified as popular.
We found that jsonic demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.