{"id":18775158,"url":"https://github.com/robinvdvleuten/json-from-script","last_synced_at":"2026-04-27T08:32:06.113Z","repository":{"id":57284879,"uuid":"91064435","full_name":"robinvdvleuten/json-from-script","owner":"robinvdvleuten","description":"👮🏻 Tiny JSON parser for your CSP aware script tags.","archived":false,"fork":false,"pushed_at":"2026-04-20T20:59:48.000Z","size":274,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-20T22:38:42.510Z","etag":null,"topics":["csp","javascript","json","script","security"],"latest_commit_sha":null,"homepage":"https://npm.im/json-from-script","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robinvdvleuten.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-05-12T07:34:41.000Z","updated_at":"2026-04-20T20:59:46.000Z","dependencies_parsed_at":"2022-08-25T03:52:07.535Z","dependency_job_id":null,"html_url":"https://github.com/robinvdvleuten/json-from-script","commit_stats":null,"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/robinvdvleuten/json-from-script","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robinvdvleuten%2Fjson-from-script","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robinvdvleuten%2Fjson-from-script/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robinvdvleuten%2Fjson-from-script/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robinvdvleuten%2Fjson-from-script/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robinvdvleuten","download_url":"https://codeload.github.com/robinvdvleuten/json-from-script/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robinvdvleuten%2Fjson-from-script/sbom","scorecard":{"id":780825,"data":{"date":"2025-08-11","repo":{"name":"github.com/robinvdvleuten/json-from-script","commit":"ee0ace6f43127601c68b9d77a974bba30e504d8c"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/29 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-23T04:52:24.911Z","repository_id":57284879,"created_at":"2025-08-23T04:52:24.912Z","updated_at":"2025-08-23T04:52:24.912Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32329463,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["csp","javascript","json","script","security"],"created_at":"2024-11-07T19:40:34.513Z","updated_at":"2026-04-27T08:32:06.092Z","avatar_url":"https://github.com/robinvdvleuten.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# json-from-script\n\nA tiny (276B) JSON parser for your CSP aware script tags.\n\n[![NPM version](https://img.shields.io/npm/v/json-from-script.svg)](https://www.npmjs.com/package/json-from-script)\n[![Build Status](https://github.com/robinvdvleuten/json-from-script/actions/workflows/build.yml/badge.svg)](https://github.com/robinvdvleuten/json-from-script/actions/workflows/build.yml)\n[![licenses](https://licenses.dev/b/npm/json-from-script)](https://licenses.dev/npm/json-from-script)\n\nModern front-ends often need a tiny bit of server-rendered data to kick-start hydration or to configure a widget. The usual answer is an inline `\u003cscript\u003e` that hydrates a global variable—but that approach triggers strict [Content Security Policies](https://developers.google.com/web/fundamentals/security/csp/), can’t be cached independently, and forces you to hand-roll parsing and error handling for every page. **json-from-script** smooths out that workflow by treating `\u003cscript type=\"application/json\"\u003e` tags as a simple, declarative data transport that is safe under CSP.\n\n## Installation\n\n```\n$ npm install --save json-from-script\n```\n\n## Usage\n\nWhen your HTML contains any script tag like this:\n\n```html\n\u003cscript type=\"application/json\" class=\"data\" data-attr=\"foo\"\u003e{\u0026quot;bar\u0026quot;:\u0026quot;baz\u0026quot;}\u003c/script\u003e\n```\n\nYou can parse it in your JavaScript application like this:\n\n```js\nimport jsonFromScript from 'json-from-script';\n\n// Parsed will be { foo: { bar: 'baz' } }\nconst parsed = jsonFromScript();\n```\n\nBehind the scenes the helper scans the DOM for matching script tags, reads their `data-*` attributes, and returns a single object that is ready to feed into your app state or view models.\n\n## API\n\n### `jsonFromScript(selector, attribute)`\n\nParses every script element that matches the given selector and merges the JSON contents into a single object keyed by a data attribute.\n\n- `selector \u003cString\u003e`: CSS selector for the script tags to parse. Defaults to `script.data` which targets `\u003cscript\u003e` elements with the `data` class.\n- `attribute \u003cString\u003e`: Name of the data attribute used to derive the property name on the returned object. Defaults to `data-attr`, which reads the value from `data-attr=\"...\"` on each script tag.\n\nThe helper returns the aggregated object. If no matching scripts are found the result is an empty object. Invalid JSON will throw the same error you would get from `JSON.parse`, making it easy to catch misconfigured script blocks during development.\n\n## License\n\nMIT © [Robin van der Vleuten](https://robinvdvleuten.nl)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobinvdvleuten%2Fjson-from-script","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobinvdvleuten%2Fjson-from-script","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobinvdvleuten%2Fjson-from-script/lists"}