Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
parse-json
Advanced tools
The parse-json npm package is used for parsing JSON strings. It provides an API for parsing JSON with more helpful error messages than the native JSON.parse. It can also handle trailing commas and comments in JSON strings, which are not supported by the standard JSON.parse.
Parse JSON with better error messages
This feature allows users to parse JSON strings and get more informative error messages when the JSON is invalid. It helps in debugging and fixing the JSON content.
const parseJson = require('parse-json');
try {
const obj = parseJson('{"foo": true,}');
} catch (error) {
console.error(error.message);
}
Parse JSON with comments
parse-json can handle JSON strings that contain comments, which are not typically allowed in JSON. This is useful when dealing with configurations or other JSON files where comments might be present.
const parseJson = require('parse-json');
const jsonWithComments = '{/* comment */ "foo": true}'
const obj = parseJson(jsonWithComments);
Parse JSON with trailing commas
This feature allows the parsing of JSON strings that have trailing commas after the last element in an object or array, which is not permitted in standard JSON.
const parseJson = require('parse-json');
const jsonWithTrailingComma = '{"foo": true,}'
const obj = parseJson(jsonWithTrailingComma);
json5 is a JSON parser and serializer that allows for comments, trailing commas, and other non-standard features. It is similar to parse-json but aims to be a superset of the JSON5 data format, which extends the JSON format to include additional JavaScript features.
json-parse-better-errors is another JSON parsing library that provides more helpful error messages than the native JSON.parse. It is similar to parse-json in its goal to improve error feedback but does not support comments or trailing commas.
json-parse-safe is a safe JSON parser that returns an error instead of throwing one. This can be useful for applications that need to handle JSON parsing errors more gracefully. It does not provide the extended syntax support that parse-json does.
Parse JSON with more helpful errors
npm install parse-json
import parseJson, {JSONError} from 'parse-json';
const json = '{\n\t"foo": true,\n}';
JSON.parse(json);
/*
undefined:3
}
^
SyntaxError: Unexpected token }
*/
parseJson(json);
/*
JSONError: Unexpected token } in JSON at position 16 while parsing near '{ "foo": true,}'
1 | {
2 | "foo": true,
> 3 | }
| ^
*/
parseJson(json, 'foo.json');
/*
JSONError: Unexpected token } in JSON at position 16 while parsing near '{ "foo": true,}' in foo.json
1 | {
2 | "foo": true,
> 3 | }
| ^
*/
// You can also add the filename at a later point
try {
parseJson(json);
} catch (error) {
if (error instanceof JSONError) {
error.fileName = 'foo.json';
}
throw error;
}
/*
JSONError: Unexpected token } in JSON at position 16 while parsing near '{ "foo": true,}' in foo.json
1 | {
2 | "foo": true,
> 3 | }
| ^
*/
Throws a JSONError
when there is a parsing error.
Type: string
Type: Function
Prescribes how the value originally produced by parsing is transformed, before being returned. See JSON.parse
docs for more.
Type: string
The filename displayed in the error message.
Exposed for instanceof
checking.
Type: string
The filename displayed in the error message.
Type: string
The printable section of the JSON which produces the error.
Type: string
The raw version of codeFrame
without colors.
FAQs
Parse JSON with more helpful errors
The npm package parse-json receives a total of 52,017,734 weekly downloads. As such, parse-json popularity was classified as popular.
We found that parse-json demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.