UNPKG

destr/README.md

Version:

3.29 kBMarkdownView Raw

1# destr
2
3[![npm version][npm-version-src]][npm-version-href]
4[![npm downloads][npm-downloads-src]][npm-downloads-href]
5[![bundle][bundle-src]][bundle-href]
6[![License][license-src]][license-href]
7
8A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse).
9
10## Usage
11
12### Node.js
13
14Install dependency:
15
16```bash
17# npm
18npm i destr
19
20# yarn
21yarn add destr
22
23# pnpm
24pnpm i destr
25```
26
27Import into your Node.js project:
28
29```js
30// ESM
31import { destr, safeDestr } from "destr";
32
33// CommonJS
34const { destr, safeDestr } = require("destr");
35```
36
37### Deno
38
39```js
40import { destr, safeDestr } from "https://deno.land/x/destr/src/index.ts";
41
42console.log(destr('{ "deno": "yay" }'));
43```
44
45## Why?
46
47### ✅ Type Safe
48
49```ts
50const obj = JSON.parse("{}"); // obj type is any
51
52const obj = destr("{}"); // obj type is unknown by default
53
54const obj = destr<MyInterface>("{}"); // obj is well-typed
55```
56
57### ✅ Fast fallback to input if is not string
58
59```js
60// Uncaught SyntaxError: Unexpected token u in JSON at position 0
61JSON.parse();
62
63// undefined
64destr();
65```
66
67### ✅ Fast lookup for known string values
68
69```js
70// Uncaught SyntaxError: Unexpected token T in JSON at position 0
71JSON.parse("TRUE");
72
73// true
74destr("TRUE");
75```
76
77### ✅ Fallback to original value if parse fails (empty or any plain string)
78
79```js
80// Uncaught SyntaxError: Unexpected token s in JSON at position 0
81JSON.parse("salam");
82
83// "salam"
84destr("salam");
85```
86
87**Note:** This fails in safe/strict mode with `safeDestr`.
88
89### ✅ Avoid prototype pollution
90
91```js
92const input = '{ "user": { "__proto__": { "isAdmin": true } } }';
93
94// { user: { __proto__: { isAdmin: true } } }
95JSON.parse(input);
96
97// { user: {} }
98destr(input);
99```
100
101### ✅ Strict Mode
102
103When using `safeDestr` it will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)
104
105```js
106// Returns "[foo"
107destr("[foo");
108
109// Throws an error
110safeDestr("[foo");
111```
112
113## Benchmarks
114
115`destr` is faster generally for arbitrary inputs but also sometimes little bit slower than `JSON.parse` when parsing a valid JSON string mainly because of transform to avoid [prototype pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a JSON string or from untrusted source like request body.
116
117Check [Benchmark Results](./BENCH.md) or run with `pnpm run bench:node` or `pnpm run bench:bun` yourself!
118
119## License
120
121MIT. Made with 💖
122
123<!-- Badges -->
124
125[npm-version-src]: https://img.shields.io/npm/v/destr?style=flat&colorA=18181B&colorB=F0DB4F
126[npm-version-href]: https://npmjs.com/package/destr
127[npm-downloads-src]: https://img.shields.io/npm/dm/destr?style=flat&colorA=18181B&colorB=F0DB4F
128[npm-downloads-href]: https://npmjs.com/package/destr
129[bundle-src]: https://img.shields.io/bundlephobia/minzip/destr?style=flat&colorA=18181B&colorB=F0DB4F
130[bundle-href]: https://bundlephobia.com/result?p=destr
131[license-src]: https://img.shields.io/github/license/unjs/destr.svg?style=flat&colorA=18181B&colorB=F0DB4F
132[license-href]: https://github.com/unjs/destr/blob/main/LICENSE

1	`# destr`
2
3	`[![npm version][npm-version-src]][npm-version-href]`
4	`[![npm downloads][npm-downloads-src]][npm-downloads-href]`
5	`[![bundle][bundle-src]][bundle-href]`
6	`[![License][license-src]][license-href]`
7
8	A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse).
9
10	`## Usage`
11
12	`### Node.js`
13
14	`Install dependency:`
15
16	```bash
17	`# npm`
18	`npm i destr`
19
20	`# yarn`
21	`yarn add destr`
22
23	`# pnpm`
24	`pnpm i destr`
25	```
26
27	`Import into your Node.js project:`
28
29	```js
30	`// ESM`
31	`import { destr, safeDestr } from "destr";`
32
33	`// CommonJS`
34	`const { destr, safeDestr } = require("destr");`
35	```
36
37	`### Deno`
38
39	```js
40	`import { destr, safeDestr } from "https://deno.land/x/destr/src/index.ts";`
41
42	`console.log(destr('{ "deno": "yay" }'));`
43	```
44
45	`## Why?`
46
47	`### ✅ Type Safe`
48
49	```ts
50	`const obj = JSON.parse("{}"); // obj type is any`
51
52	`const obj = destr("{}"); // obj type is unknown by default`
53
54	`const obj = destr<MyInterface>("{}"); // obj is well-typed`
55	```
56
57	`### ✅ Fast fallback to input if is not string`
58
59	```js
60	`// Uncaught SyntaxError: Unexpected token u in JSON at position 0`
61	`JSON.parse();`
62
63	`// undefined`
64	`destr();`
65	```
66
67	`### ✅ Fast lookup for known string values`
68
69	```js
70	`// Uncaught SyntaxError: Unexpected token T in JSON at position 0`
71	`JSON.parse("TRUE");`
72
73	`// true`
74	`destr("TRUE");`
75	```
76
77	`### ✅ Fallback to original value if parse fails (empty or any plain string)`
78
79	```js
80	`// Uncaught SyntaxError: Unexpected token s in JSON at position 0`
81	`JSON.parse("salam");`
82
83	`// "salam"`
84	`destr("salam");`
85	```
86
87	Note: This fails in safe/strict mode with `safeDestr`.
88
89	`### ✅ Avoid prototype pollution`
90
91	```js
92	`const input = '{ "user": { "__proto__": { "isAdmin": true } } }';`
93
94	`// { user: { __proto__: { isAdmin: true } } }`
95	`JSON.parse(input);`
96
97	`// { user: {} }`
98	`destr(input);`
99	```
100
101	`### ✅ Strict Mode`
102
103	When using `safeDestr` it will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)
104
105	```js
106	`// Returns "[foo"`
107	`destr("[foo");`
108
109	`// Throws an error`
110	`safeDestr("[foo");`
111	```
112
113	`## Benchmarks`
114
115	`destr` is faster generally for arbitrary inputs but also sometimes little bit slower than `JSON.parse` when parsing a valid JSON string mainly because of transform to avoid [prototype pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a JSON string or from untrusted source like request body.
116
117	Check [Benchmark Results](./BENCH.md) or run with `pnpm run bench:node` or `pnpm run bench:bun` yourself!
118
119	`## License`
120
121	`MIT. Made with 💖`
122
123	`<!-- Badges -->`
124
125	`[npm-version-src]: https://img.shields.io/npm/v/destr?style=flat&colorA=18181B&colorB=F0DB4F`
126	`[npm-version-href]: https://npmjs.com/package/destr`
127	`[npm-downloads-src]: https://img.shields.io/npm/dm/destr?style=flat&colorA=18181B&colorB=F0DB4F`
128	`[npm-downloads-href]: https://npmjs.com/package/destr`
129	`[bundle-src]: https://img.shields.io/bundlephobia/minzip/destr?style=flat&colorA=18181B&colorB=F0DB4F`
130	`[bundle-href]: https://bundlephobia.com/result?p=destr`
131	`[license-src]: https://img.shields.io/github/license/unjs/destr.svg?style=flat&colorA=18181B&colorB=F0DB4F`
132	`[license-href]: https://github.com/unjs/destr/blob/main/LICENSE`