serialize-javascript - npm Package Compare versions

Comparing version 1.2.0 to 1.3.0

index.js

@@ -13,3 +13,3 @@ /*
 var UID                 = Math.floor(Math.random() * 0x10000000000).toString(16);
-var PLACE_HOLDER_REGEXP = new RegExp('"@__(FUNCTION|REGEXP)-' + UID + '-(\\d+)__@"', 'g');
+var PLACE_HOLDER_REGEXP = new RegExp('"@__(F|R)-' + UID + '-(\\d+)__@"', 'g');
 
@@ -21,3 +21,3 @@ var IS_NATIVE_CODE_REGEXP = /\{\s*\[native code\]\s*\}/g;
 // Unicode char counterparts which are safe to use in JavaScript strings.
-var UNICODE_CHARS = {
+var ESCAPED_CHARS = {
     '<'     : '\\u003C',
@@ -30,22 +30,51 @@ '>'     : '\\u003E',
 
-module.exports = function serialize(obj, space) {
+function escapeUnsafeChars(unsafeChar) {
+    return ESCAPED_CHARS[unsafeChar];
+}
+
+module.exports = function serialize(obj, options) {
+    options || (options = {});
+
+    // Backwards-compatability for `space` as the second argument.
+    if (typeof options === 'number' || typeof options === 'string') {
+        options = {space: options};
+    }
+
     var functions = [];
     var regexps   = [];
-    var str;
 
-    // Creates a JSON string representation of the object and uses placeholders
-    // for functions and regexps (identified by index) which are later
-    // replaced.
-    str = JSON.stringify(obj, function (key, value) {
-        if (typeof value === 'function') {
-            return '@__FUNCTION-' + UID + '-' + (functions.push(value) - 1) + '__@';
+    // Returns placeholders for functions and regexps (identified by index)
+    // which are later replaced by their string representation.
+    function replacer(key, value) {
+        if (!value) {
+            return value;
         }
 
-        if (typeof value === 'object' && isRegExp(value)) {
-            return '@__REGEXP-' + UID + '-' + (regexps.push(value) - 1) + '__@';
+        var type = typeof value;
+
+        if (type === 'object') {
+            if (isRegExp(value)) {
+                return '@__R-' + UID + '-' + (regexps.push(value) - 1) + '__@';
+            }
+
+            return value;
         }
 
+        if (type === 'function') {
+            return '@__F-' + UID + '-' + (functions.push(value) - 1) + '__@';
+        }
+
         return value;
-    }, space);
+    }
 
+    var str;
+
+    // Creates a JSON string representation of the value.
+    // NOTE: Node 0.12 goes into slow mode with extra JSON.stringify() args.
+    if (options.isJSON && !options.space) {
+        str = JSON.stringify(obj);
+    } else {
+        str = JSON.stringify(obj, options.isJSON ? null : replacer, options.space);
+    }
+
     // Protects against `JSON.stringify()` returning `undefined`, by serializing
@@ -60,5 +89,3 @@ // to the literal string: "undefined".
     // regexps and functions are serialized and added back to the string.
-    str = str.replace(UNSAFE_CHARS_REGEXP, function (unsafeChar) {
-        return UNICODE_CHARS[unsafeChar];
-    });
+    str = str.replace(UNSAFE_CHARS_REGEXP, escapeUnsafeChars);
 
@@ -73,3 +100,3 @@ if (functions.length === 0 && regexps.length === 0) {
     return str.replace(PLACE_HOLDER_REGEXP, function (match, type, valueIndex) {
-        if (type === 'REGEXP') {
+        if (type === 'R') {
             return regexps[valueIndex].toString();
@@ -76,0 +103,0 @@ }

package.json

 {
   "name": "serialize-javascript",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Serialize JavaScript to a superset of JSON that includes regular expressions and functions.",
   "main": "index.js",
   "scripts": {
-    "benchmark": "node test/benchmark/serialize.js",
+    "benchmark": "node -v && node test/benchmark/serialize.js",
     "test": "istanbul cover -- ./node_modules/mocha/bin/_mocha test/unit/ --reporter spec"
@@ -9,0 +9,0 @@ },

README.md

@@ -69,2 +69,24 @@ Serialize JavaScript
 
+### Options
+
+The `serialize()` function accepts `options` as its second argument. There are two options, both default to being `undefined`:
+
+#### `options.space`
+
+This option is the same as the `space` argument that can be passed to [`JSON.stringify`][JSON.stringify]. It can be used to add whitespace and indentation to the serialized output to make it more readable.
+
+```js
+serialize(obj, {space: 2});
+```
+
+#### `options.isJSON`
+
+This option is a signal to `serialize()` that the object being serialized does not contain any function or regexps values. This enables a hot-path that allows serialization to be over 3x faster. If you're serializing a lot of data, and know its pure JSON, then you can enable this option for a speed-up.
+
+**Note:** That when using this option, the output will still be escaped to protect against XSS.
+
+```js
+serialize(obj, {isJSON: true});
+```
+
 ## License
@@ -83,2 +105,3 @@
 [express-state]: https://github.com/yahoo/express-state
+[JSON.stringify]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify
 [LICENSE]: https://github.com/yahoo/serialize-javascript/blob/master/LICENSE

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9986

increased by19.32%

Lines of code

85

increased by28.79%

Number of lines in readme file

106

increased by27.71%

No dependency changes