A faster, secure and convenient alternative for JSON.parse
npm install destr[![npm version][npm-version-src]][npm-version-href]
[![npm downloads][npm-downloads-src]][npm-downloads-href]
[![bundle][bundle-src]][bundle-href]
[![License][license-src]][license-href]
A faster, secure and convenient alternative for JSON.parse.
Install dependency:
``bashnpm
npm i destr
Import into your Node.js project:
js
// ESM
import { destr, safeDestr } from "destr";// CommonJS
const { destr, safeDestr } = require("destr");
`$3
js
import { destr, safeDestr } from "https://deno.land/x/destr/src/index.ts";console.log(destr('{ "deno": "yay" }'));
`Why?
$3
ts
const obj = JSON.parse("{}"); // obj type is anyconst obj = destr("{}"); // obj type is unknown by default
const obj = destr("{}"); // obj is well-typed
`$3
js
// Uncaught SyntaxError: Unexpected token u in JSON at position 0
JSON.parse();// undefined
destr();
`$3
js
// Uncaught SyntaxError: Unexpected token T in JSON at position 0
JSON.parse("TRUE");// true
destr("TRUE");
`$3
js
// Uncaught SyntaxError: Unexpected token s in JSON at position 0
JSON.parse("salam");// "salam"
destr("salam");
`Note: This fails in safe/strict mode with
.$3
`js
const input = '{ "user": { "__proto__": { "isAdmin": true } } }';// { user: { __proto__: { isAdmin: true } } }
JSON.parse(input);
// { user: {} }
destr(input);
`$3
When using
it will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)`js
// Returns "foo"
destr("[foo");// Throws an error
safeDestr("[foo");
`Benchmarks
is faster generally for arbitrary inputs but also sometimes little bit slower than JSON.parse when parsing a valid JSON string mainly because of transform to avoid [prototype pollution which can lead to serious security issues if not being sanitized. In the other words, destr is better when input is not always a JSON string or from untrusted source like request body.Check Benchmark Results or run with
pnpm run bench:node or pnpm run bench:bun` yourself!MIT. Made with 💖
[npm-version-src]: https://img.shields.io/npm/v/destr?style=flat&colorA=18181B&colorB=F0DB4F
[npm-version-href]: https://npmjs.com/package/destr
[npm-downloads-src]: https://img.shields.io/npm/dm/destr?style=flat&colorA=18181B&colorB=F0DB4F
[npm-downloads-href]: https://npmjs.com/package/destr
[bundle-src]: https://img.shields.io/bundlephobia/minzip/destr?style=flat&colorA=18181B&colorB=F0DB4F
[bundle-href]: https://bundlephobia.com/result?p=destr
[license-src]: https://img.shields.io/github/license/unjs/destr.svg?style=flat&colorA=18181B&colorB=F0DB4F
[license-href]: https://github.com/unjs/destr/blob/main/LICENSE