Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/unjs/destr

🚀 Faster, secure and convenient alternative for JSON.parse for arbitrary inputs
https://github.com/unjs/destr

deno json jsonparse node nodejs

Last synced: 4 days ago
JSON representation

🚀 Faster, secure and convenient alternative for JSON.parse for arbitrary inputs

Awesome Lists containing this project

README 

        
# destr



[![npm version][npm-version-src]][npm-version-href]

[![npm downloads][npm-downloads-src]][npm-downloads-href]

[![bundle][bundle-src]][bundle-href]

[![License][license-src]][license-href]



A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse).



## Usage



### Node.js



Install dependency:



```bash

# npm

npm i destr



# yarn

yarn add destr



# pnpm

pnpm i destr

```



Import into your Node.js project:



```js

// ESM

import { destr, safeDestr } from "destr";



// CommonJS

const { destr, safeDestr } = require("destr");

```



### Deno



```js

import { destr, safeDestr } from "https://deno.land/x/destr/src/index.ts";



console.log(destr('{ "deno": "yay" }'));

```



## Why?



### ✅ Type Safe



```ts

const obj = JSON.parse("{}"); // obj type is any



const obj = destr("{}"); // obj type is unknown by default



const obj = destr("{}"); // obj is well-typed

```



### ✅ Fast fallback to input if is not string



```js

// Uncaught SyntaxError: Unexpected token u in JSON at position 0

JSON.parse();



// undefined

destr();

```



### ✅ Fast lookup for known string values



```js

// Uncaught SyntaxError: Unexpected token T in JSON at position 0

JSON.parse("TRUE");



// true

destr("TRUE");

```



### ✅ Fallback to original value if parse fails (empty or any plain string)



```js

// Uncaught SyntaxError: Unexpected token s in JSON at position 0

JSON.parse("salam");



// "salam"

destr("salam");

```



**Note:** This fails in safe/strict mode with `safeDestr`.



### ✅ Avoid prototype pollution



```js

const input = '{ "user": { "__proto__": { "isAdmin": true } } }';



// { user: { __proto__: { isAdmin: true } } }

JSON.parse(input);



// { user: {} }

destr(input);

```



### ✅ Strict Mode



When using `safeDestr` it will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)



```js

// Returns "[foo"

destr("[foo");



// Throws an error

safeDestr("[foo");

```



## Benchmarks



`destr` is faster generally for arbitrary inputs but also sometimes little bit slower than `JSON.parse` when parsing a valid JSON string mainly because of transform to avoid [prototype pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a JSON string or from untrusted source like request body.



Check [Benchmark Results](./BENCH.md) or run with `pnpm run bench:node` or `pnpm run bench:bun` yourself!



## License



MIT. Made with 💖



[npm-version-src]: https://img.shields.io/npm/v/destr?style=flat&colorA=18181B&colorB=F0DB4F

[npm-version-href]: https://npmjs.com/package/destr

[npm-downloads-src]: https://img.shields.io/npm/dm/destr?style=flat&colorA=18181B&colorB=F0DB4F

[npm-downloads-href]: https://npmjs.com/package/destr

[bundle-src]: https://img.shields.io/bundlephobia/minzip/destr?style=flat&colorA=18181B&colorB=F0DB4F

[bundle-href]: https://bundlephobia.com/result?p=destr

[license-src]: https://img.shields.io/github/license/unjs/destr.svg?style=flat&colorA=18181B&colorB=F0DB4F

[license-href]: https://github.com/unjs/destr/blob/main/LICENSE