Research
Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique
A malicious package uses a QR code as steganography in an innovative technique.
By Olivia Brown - Sep 22, 2025
Jsoning is a simplified wrapper for Node.js that lets you write and read data to and from JSON files. It's designed to be beginner-friendly and easy to use, with a simple API that makes it easy to get started with. It's perfect for small projects, prototyping, and learning how to work with databases.
Features
- Use existing JSON files to read and write key-value pairs
- EventEmitters to listen to changes in the database
- Atomic file writing to prevent data corruption
- Easier to use than a toaster
- TypeScript support for all the fixed-type addicts out there
Install
Node.js v16.x or greater is required for this package to work.
npm i jsoning
# pnpm if you're feeling fast
pnpm i jsoning
# yarn if you're feeling fancy
yarn add jsoning
View the full documentation here.
Basic Usage
import { Jsoning, MathOps } from 'jsoning';
const db = new Jsoning('database.json');
// Set some values with a key
await db.set('birthday', '07-aug');
await db.set('age', '13');
// Push stuff to an array for a particular key
await db.push('transformers', 'optimus prime');
await db.push('transformers', 'bumblebee');
await db.push('transformers', 'iron hide');
// Get the value of a key
console.log(await db.get('transformers')); // [ 'optimus prime', 'bumblebee', 'iron hide' ]
// Get all the values
console.log(await db.all()); // { Record<string, JSONValue> of the whole database contents }
// does such a value exist?
console.log(await db.has('value2')); // false
// My age keeps changing, so I'm deleting it
console.log(await db.delete('age')); // true
// I got $100 for my birthday
await db.set('money', 100);
// and someone gave me $200 more
await db.math('money', MathOps.Add, 200);
// Just wanna make sure how much money I got
console.log(await db.get<number>('money')); // 300
// RIP iron hide, he died
await db.remove('transformers', 'iron hide');
// I'm getting bored, so I'm clearing the whole database
await db.clear();
Contributing
Please see CONTRIBUTING.md for more details on contributing!
Contributors
Thanks goes to these wonderful people (emoji key):
 Khaleel Gibran 💻 📖 🎨 🚇 ⚠️ ✅ |  David 📖 |  Jonyk56 💻 |  ayntee 💻 |  undefine 💻 🐛 🛡️ |  Aditya Gupta 💻 |  Manuel Maly 💻 🐛 |
 wh0 💻 |  akpi816218 💻 📖 💡 🚧 ⚠️ 🔧 |
This project follows the all-contributors specification. Contributions of any kind are welcome!
License
This package is open sourced under the MIT License.
FAQs
A simple key-value JSON-based persistent lightweight database.
The npm package jsoning receives a total of 335 weekly downloads. As such, jsoning popularity was classified as not popular.
We found that jsoning demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 27 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
/Security News
Identifying and Preventing Fraudulent Engineering Candidates: An Investigation into 80 Confirmed Cases
Socket identified 80 fake candidates targeting engineering roles, including suspected North Korean operators, exposing the new reality of hiring as a security function.
By Lauren Valencia, Kirill Boychenko - Sep 17, 2025
Application Security
/Research
/Security News
Updated and Ongoing Supply Chain Attack Targets CrowdStrike npm Packages
Socket detected multiple compromised CrowdStrike npm packages, continuing the "Shai-Hulud" supply chain attack that has now impacted nearly 500 packages.
By Kush Pandya, Peter van der Zee, Olivia Brown, Socket Research Team - Sep 16, 2025