{"id":16329975,"url":"https://github.com/luin/serialize","last_synced_at":"2025-03-16T14:31:10.025Z","repository":{"id":9210426,"uuid":"11021675","full_name":"luin/serialize","owner":"luin","description":"Serialize an object including it's function into a JSON.","archived":false,"fork":false,"pushed_at":"2017-06-04T12:42:14.000Z","size":9,"stargazers_count":78,"open_issues_count":6,"forks_count":14,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-03-16T03:05:13.746Z","etag":null,"topics":["javascript","json","nodejs","serialization"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/luin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-06-28T09:27:21.000Z","updated_at":"2025-03-11T17:33:25.000Z","dependencies_parsed_at":"2022-07-21T11:59:05.343Z","dependency_job_id":null,"html_url":"https://github.com/luin/serialize","commit_stats":{"total_commits":13,"total_committers":5,"mean_commits":2.6,"dds":"0.46153846153846156","last_synced_commit":"f9051f4104a3cd873f29b8815796e9f5d065c1a9"},"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luin%2Fserialize","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luin%2Fserialize/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luin%2Fserialize/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luin%2Fserialize/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/luin","download_url":"https://codeload.github.com/luin/serialize/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243882433,"owners_count":20363136,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","json","nodejs","serialization"],"created_at":"2024-10-10T23:17:58.413Z","updated_at":"2025-03-16T14:31:09.513Z","avatar_url":"https://github.com/luin.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-serialize\n\nSerialize a object including it's function into a JSON.\n\n[![Build Status](https://travis-ci.org/luin/serialize.png?branch=master)](https://travis-ci.org/luin/serialize)\n\n## SECURITY WARNING\n\nThis module provides a way to unserialize strings into executable JavaScript code, so that it may lead security vulnerabilities if the original strings can be modified by untrusted third-parties (aka hackers). For instance, the following attack example provided by [ajinabraham](https://github.com/luin/serialize/issues/4) shows how to achieve arbitrary code injection with an IIFE:\n\n```javascript\nvar serialize = require('node-serialize');\nvar x = '{\"rce\":\"_$$ND_FUNC$$_function (){console.log(\\'exploited\\')}()\"}'\nserialize.unserialize(x);\n```\n\nTo avoid the security issues, at least one of the following methods should be taken:\n\n1. Make sure to send serialized strings internally, isolating them from potential hackers. For example, only sending the strings from backend to fronend and always using HTTPS instead of HTTP.\n\n2. Introduce public-key cryptosystems (e.g. RSA) to ensure the strings not being tampered with.\n\n\n## Install\n\n```\nnpm install node-serialize\n```\n\n## Usage\n\n```javascript\nvar serialize = require('node-serialize');\n```\n\nSerialize an object including it's function:\n\n\n```javascript\nvar obj = {\n  name: 'Bob',\n  say: function() {\n    return 'hi ' + this.name;\n  }\n};\n\nvar objS = serialize.serialize(obj);\ntypeof objS === 'string';\nserialize.unserialize(objS).say() === 'hi Bob';\n```\n\nSerialize an object with a sub object:\n\n```javascript\nvar objWithSubObj = {\n  obj: {\n    name: 'Jeff',\n    say: function() {\n      return 'hi ' + this.name;\n    }\n  }\n};\n\nvar objWithSubObjS = serialize.serialize(objWithSubObj);\ntypeof objWithSubObjS === 'string';\nserialize.unserialize(objWithSubObjS).obj.say() === 'hi Jeff';\n```\n\nSerialize a circular object:\n\n```javascript\nvar objCircular = {};\nobjCircular.self = objCircular;\n\nvar objCircularS = serialize.serialize(objCircular);\ntypeof objCircularS === 'string';\ntypeof serialize.unserialize(objCircularS).self.self.self.self === 'object';\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluin%2Fserialize","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluin%2Fserialize","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluin%2Fserialize/lists"}