Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

secure-json-parse

Package Overview
Dependencies
Maintainers
2
Versions
15
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

secure-json-parse

JSON parse with prototype poisoning protection

  • 2.7.0
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
5.8M
increased by82.82%
Maintainers
2
Weekly downloads
 
Created

What is secure-json-parse?

The secure-json-parse package is designed to safely parse JSON strings without the vulnerabilities associated with the native JSON.parse method. It provides protection against prototype pollution attacks, which can be a security concern when parsing user-supplied JSON data in JavaScript applications. By using secure-json-parse, developers can ensure that their applications are more secure against certain types of attacks that exploit the structure of JSON data.

What are secure-json-parse's main functionalities?

Safe parsing of JSON strings

This feature allows for the safe parsing of JSON strings, ensuring that the resulting object does not have prototype pollution vulnerabilities. The code sample demonstrates how to parse a simple JSON string safely.

const sjson = require('secure-json-parse');
const safeObj = sjson.parse('{"a":"b"}');

Custom reviver function support

This feature allows developers to provide a custom reviver function, which can be used to transform the JSON object's values during parsing. The code sample demonstrates parsing a JSON string with a date field, using a reviver function to convert the date string into a Date object.

const sjson = require('secure-json-parse');
const options = {reviver: (key, value) => (key === 'date' ? new Date(value) : value)};
const safeObj = sjson.parse('{"date":"2023-04-01T00:00:00.000Z"}', options);

Protection options customization

This feature allows for customization of protection actions against prototype pollution. Developers can specify how to handle '__proto__' and 'constructor' properties in the parsed JSON. The code sample demonstrates removing these potentially dangerous properties during parsing.

const sjson = require('secure-json-parse');
const options = {protoAction: 'remove', constructorAction: 'remove'};
const safeObj = sjson.parse('{"__proto__": {"a":"b"}, "constructor": {"prototype": {"a":"b"}}}', options);

Other packages similar to secure-json-parse

Keywords

FAQs

Package last updated on 10 Jan 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc