parse-conflict-json
Parse a JSON string that has git merge conflicts, resolving if possible.
If the JSON is valid, it just does JSON.parse as normal.
If either side of the conflict is invalid JSON, then an error is thrown for that.
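const fs = require('fs')
const parseConflictJson = require('parse-conflict-json')
// after a git merge that left some conflicts there
const data = fs.readFileSync('package-lock.json', 'utf8')
// reviverFunction is passed to JSON.parse as the reviver function
// preference defaults to 'ours', set to 'theirs' to prefer the other
// side's changes.
const reviverFunction = (key, value) => value
const preference = 'ours'
const parsed = parseConflictJson(data, reviverFunction, preference)
// returns true if the data looks like a conflicted diff file
// (isDiff is a property of the exported function, not of the parsed result)
parseConflictJson.isDiff(data)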
If prefer is set to theirs, then the values of theirs and ours are switched in the resolver function. (I.e., we'll apply their changes on top of our object, rather than the other way around.)
- Parse the conflicted file into 3 pieces: ours, theirs, and parent.
- Get the diff from parent to ours.
- Apply each change of that diff to theirs.
  If any change in the diff set cannot be applied (i.e., because they changed an object into a non-object and we changed a field on that object), then replace the object at the specified path with the object at the path in ours.
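The steps above as a dependency-free sketch. This is an added example, not the package's own implementation: it walks the objects directly, treats arrays as atomic values, and compares values with JSON.stringify. The names splitSides, replay and resolveConflict and the CONFLICTED sample are hypothetical, and the sample assumes diff3-style markers that include a ||||||| parent section.

```javascript
// Constructed sample: a diff3-style conflict (includes the ||||||| parent section).
const CONFLICTED = `{
  "name": "demo",
<<<<<<< HEAD
  "dependencies": { "a": "1.1.0", "b": "1.0.0" },
  "meta": { "reviewed": true }
||||||| base
  "dependencies": { "a": "1.0.0", "b": "1.0.0" },
  "meta": { "reviewed": false }
=======
  "dependencies": { "a": "1.0.0", "b": "2.0.0" },
  "meta": "none"
>>>>>>> feature
}`

// Step 1: split into ours / parent / theirs. Lines outside markers belong to all three.
function splitSides (text) {
  const sides = { ours: '', parent: '', theirs: '' }
  let state = 'top'
  for (const line of text.split(/\r?\n/)) {
    if (/^<{7}/.test(line)) state = 'ours'
    else if (/^\|{7}/.test(line)) state = 'parent'
    else if (/^={7}/.test(line)) state = 'theirs'
    else if (/^>{7}/.test(line)) state = 'top'
    else for (const k in sides) if (state === 'top' || state === k) sides[k] += line + '\n'
  }
  return sides
}
const isObj = v => v !== null && typeof v === 'object' && !Array.isArray(v)
const same = (a, b) => JSON.stringify(a) === JSON.stringify(b)
// Steps 2-3: replay every parent -> ours change onto theirs.
function replay (parent, ours, theirs) {
  if (same(parent, ours)) return theirs            // we changed nothing here
  if (!isObj(ours) || !isObj(theirs)) return ours  // leaf change, or fallback: take ours
  const base = isObj(parent) ? parent : {}
  const out = { ...theirs }
  for (const k of new Set([...Object.keys(base), ...Object.keys(ours)])) {
    if (k === '__proto__') continue                // never assign through the prototype setter
    if (!Object.hasOwn(ours, k)) delete out[k]     // we removed the key
    else if (!same(base[k], ours[k])) out[k] = replay(base[k], ours[k], theirs[k])
  }
  return out
}

function resolveConflict (text, prefer = 'ours') {
  const s = splitSides(text)
  for (const k in s) s[k] = JSON.parse(s[k])       // throws if any side is invalid JSON
  return prefer === 'ours' ? replay(s.parent, s.ours, s.theirs) : replay(s.parent, s.theirs, s.ours)
}
```

With the sample, both preferences keep a at 1.1.0 and b at 2.0.0; they differ only on meta, where the fallback takes the whole value from the preferred side.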
4.0.0 (2024-09-24)
parse-conflict-json now supports node ^18.17.0 || >=20.5.0
bbad0b5
#97 run template-oss-apply (@hashtagchris)
aaa60b6
#96 enable auto publish (#96) (@reggi)
ceb69ec
#93 bump @npmcli/eslint-config from 4.0.5 to 5.0.0 (@dependabot[bot])
5724d51
#80 bump @npmcli/template-oss to 4.22.0 (@lukekarrys)
46686e2
#94 postinstall for dependabot template-oss PR (@hashtagchris)
0694002
#94 bump @npmcli/template-oss from 4.23.1 to 4.23.3 (@dependabot[bot])
The npm package parse-conflict-json receives a total of 1,956,363 weekly downloads. As such, parse-conflict-json popularity was classified as popular.
We found that parse-conflict-json demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.