secure-json-parse

What is secure-json-parse?

The secure-json-parse package is designed to safely parse JSON strings without the vulnerabilities associated with the native JSON.parse method. It provides protection against prototype pollution attacks, which can be a security concern when parsing user-supplied JSON data in JavaScript applications. By using secure-json-parse, developers can ensure that their applications are more secure against certain types of attacks that exploit the structure of JSON data.

What are secure-json-parse's main functionalities?

Safe parsing of JSON strings

This feature allows for the safe parsing of JSON strings, ensuring that the resulting object does not have prototype pollution vulnerabilities. The code sample demonstrates how to parse a simple JSON string safely.

const sjson = require('secure-json-parse');
const safeObj = sjson.parse('{"a":"b"}');

Custom reviver function support

This feature allows developers to provide a custom reviver function, which can be used to transform the JSON object's values during parsing. The code sample demonstrates parsing a JSON string with a date field, using a reviver function to convert the date string into a Date object.

const sjson = require('secure-json-parse');
const options = {reviver: (key, value) => (key === 'date' ? new Date(value) : value)};
const safeObj = sjson.parse('{"date":"2023-04-01T00:00:00.000Z"}', options);

Protection options customization

This feature allows for customization of protection actions against prototype pollution. Developers can specify how to handle '__proto__' and 'constructor' properties in the parsed JSON. The code sample demonstrates removing these potentially dangerous properties during parsing.

const sjson = require('secure-json-parse');
const options = {protoAction: 'remove', constructorAction: 'remove'};
const safeObj = sjson.parse('{"__proto__": {"a":"b"}, "constructor": {"prototype": {"a":"b"}}}', options);

Other packages similar to secure-json-parse

fast-json-parse

fast-json-parse is a package that focuses on providing a fast and safe way to parse JSON strings. While it emphasizes performance, it may not offer the same level of security features specifically designed to prevent prototype pollution attacks as secure-json-parse does.

flatted

flatted is a package that offers JSON parsing and stringifying with support for circular references. While it addresses a different aspect of JSON handling (circular references), it does not specifically focus on security concerns like prototype pollution, which is the main focus of secure-json-parse.

README

The README file is missing