{"id":34151853,"url":"https://github.com/olympos-labs/cjson","last_synced_at":"2026-03-10T09:03:20.391Z","repository":{"id":57499782,"uuid":"134613247","full_name":"olympos-labs/cjson","owner":"olympos-labs","description":"Go library for canonical JSON encoding.","archived":false,"fork":false,"pushed_at":"2019-11-03T17:53:05.000Z","size":895,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-17T21:33:13.248Z","etag":null,"topics":["encoding","golang","json"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/olympos-labs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-23T18:57:27.000Z","updated_at":"2021-05-07T00:46:00.000Z","dependencies_parsed_at":"2022-08-28T14:20:50.564Z","dependency_job_id":null,"html_url":"https://github.com/olympos-labs/cjson","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/olympos-labs/cjson","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olympos-labs%2Fcjson","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olympos-labs%2Fcjson/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olympos-labs%2Fcjson/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olympos-labs%2Fcjson/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/olympos-labs","download_url":"https://codeload.github.com/olympos-labs/cjson/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/olympos-labs%2Fcjson/sbom","scorecard":{"id":705782,"data":{"date":"2025-08-11","repo":{"name":"github.com/olympos-labs/cjson","commit":"b41f647ea9282332ffb7ba46e0fa0c318a0e9cfb"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/18 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: BSD 3-Clause \"New\" or \"Revised\" License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T06:31:14.402Z","repository_id":57499782,"created_at":"2025-08-22T06:31:14.402Z","updated_at":"2025-08-22T06:31:14.402Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30328275,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-10T05:25:20.737Z","status":"ssl_error","status_checked_at":"2026-03-10T05:25:17.430Z","response_time":106,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["encoding","golang","json"],"created_at":"2025-12-15T05:44:10.626Z","updated_at":"2026-03-10T09:03:20.380Z","avatar_url":"https://github.com/olympos-labs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cjson\n\n[![GoDoc](https://godoc.org/olympos.io/encoding/cjson?status.svg)](https://godoc.org/olympos.io/encoding/cjson)\n\nA Go library to emit JSON in normal/canonical form.\n\n```go\nimport \"olympos.io/encoding/cjson\"\n```\n\nTo use this library, import the import path above with your favourite dependency\nmanagement tool and refer to it in the files where you want to use it.\n\nThis repository also contains the tool `json_canonicalize`, which canonicalizes\nJSON data. You can fetch that one by running\n\n```shell\n$ go get olympos.io/encoding/cjson/cmd/json_canonicalize\n```\n\n## Usage\n\nThe core of this library is a single function:\n\n```go\nfunc Canonicalize(dst io.Writer, src io.Reader) (int, error) {}\n```\n\n`Canonicalize` takes a stream of JSON values, canonicalizes them, then sends\nthem to `dst`.\n\nThere are two functions that works on top of `Canonicalize` to ease the work it\ndoes:\n\n```go\nfunc Marshal(v interface{}) ([]byte, error) {}\nfunc NewEncoder(w io.Writer) *Encoder {}\n```\n\nThose two works almost as a drop-in replacement for the `encoding/json`\nfunctions with the same name.\n\n## Rationale\n\nJSON can be emitted in many shapes and forms. This is good, but it hinders you\nfrom checking whether two JSON values are identical without reading them into a\nstructure. If you instead encode them into a canonical form, you can store that\nvalue and efficiently hash it.\n\n## But Why Another One?\n\nThere have been previous attempts at creating a formal spec for canonical JSON,\nperhaps most notably [Staykov and Hu's draft on JSON Canonical Form](https://tools.ietf.org/html/draft-staykov-hu-json-canonical-form-00).\n\nHowever, this draft does not consider two things:\n\n1. Canonicalization of strings\n2. Integer vs. double\n\nStrings can contain unicode characters that may or may not be written in up to\nmultiple different ways. Consider, for example, the symbol `/`. In JSON, `/` may\nbe written as `/`, as `\\/`, as `\\u002F` and `\\u002f`.\n\nThe integer vs. double consideration has more with real world usage\nconsideration: A number in JSON can be considered an integer if it is within the\nrange `[-(2**53)+1, (2**53)-1]` and has no fractional part. However, many\nlanguages – Go included – will not accept a number that is an integer but\n\"presented\" as a float, for example `1.0E0` (typically the other way around\nworks fine).\n\nOther JSON specifications exist and attempts to take this into consideration.\nAnother known speicfication is [Canonical\nJSON](http://wiki.laptop.org/go/Canonical_JSON). However, it\n\n1. Disallows floating point values\n2. Allows strings to be arbitrary byte sequences\n\nwhich means that you can not transform arbitrary JSON into this specification,\nand, technically speaking, you can not transform canonical JSON into \"valid\nJSON\" (although this is easy to ensure).\n\nI need to encode floats, meaning that\n[`canonical/json`](https://godoc.org/github.com/docker/go/canonical/json) was a\nno go for me.\n\n## Spec\n\nThe encoding rules are described in detail in the [SPEC.md](SPEC.md).\n\n\n## License\n\nCopyright © 2018-2019 Jean Niklas L'orange\n\nDistributed under the BSD 3-clause license, which is available in the file\nLICENSE.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folympos-labs%2Fcjson","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Folympos-labs%2Fcjson","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Folympos-labs%2Fcjson/lists"}