SevicheCC/Urara-Blog
1
0
Fork 0
mirror of https://github.com/Sevichecc/Urara-Blog.git synced 2025-05-06 10:29:13 +08:00
Code Issues Projects Releases Packages Wiki Activity
Urara-Blog/node_modules/.pnpm-store/v3/files/f8/78b946177c58d0fe4d15812a8b1e368a090aef233cc74d852b340e2f9fe362513b9606c8fc2efb0a0cf23a558ac813b684903b57e0472c6bdec3b082c7d7d6
Sevichecc f1246f7073 add pgp
2022-08-14 01:14:53 +08:00

117 lines
2.8 KiB
Text
Raw Blame History

# destr
> A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse):
[![npm version][npm-v-src]][npm-v-href]
[![npm downloads][npm-d-src]][npm-d-href]
[![bundle phobia][bundlephobia-src]][bundlephobia-href]
## Usage
### Node.js
Install using npm or yarn:
```bash
npm i destr
# or
yarn add destr
```
Import into your Node.js project:
```js
// CommonJS
const destr = require('destr')
// ESM
import destr from 'destr'
```
### Deno
```js
import destr from 'https://deno.land/x/destr/src/index.ts'
console.log(destr('{ "deno": "yay" }'))
```
## Why?
Please note that `destr` is little bit slower when parsing a standard JSON string mainly because of transform to avoid [prototype pollution](https://hueniverse.com/a-tale-of-prototype-poisoning-2610fa170061) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a json string or from untrusted source like request body.
**Fast fallback to input if is not string:**
```js
// Uncaught SyntaxError: Unexpected token u in JSON at position 0
JSON.parse()
// undefined
destr()
```
```js
// JSON.parse x 5,324,474 ops/sec ±0.65% (94 runs sampled)
JSON.parse(3.14159265359)
// destr x 657,187,095 ops/sec ±0.06% (98 runs sampled)
destr(3.14159265359)
```
**Fast lookup for known string values:**
```js
// Uncaught SyntaxError: Unexpected token T in JSON at position 0
JSON.parse('TRUE')
// true
destr('TRUE')
```
```js
// JSON.parse x 10,407,488 ops/sec ±0.30% (97 runs sampled)
JSON.parse('true')
// destr x 88,634,032 ops/sec ±0.32% (95 runs sampled)
destr('true')
```
**Fallback to original value if parse fails (empty or any plain string):**
```js
// Uncaught SyntaxError: Unexpected token s in JSON at position 0
// JSON.parse (try-catch) x 248,212 ops/sec ±1.22% (84 runs sampled
JSON.parse('salam')
// destr x 30,867,179 ops/sec ±0.49% (94 runs sampled)
destr('salam')
```
**Avoid prototype pollution:**
```js
const input = '{ "user": { "__proto__": { "isAdmin": true } } }'
// { user: { __proto__: { isAdmin: true } } }
JSON.parse(input)
// { user: {} }
destr(input)
```
## License
MIT. Made with 💖
<!-- Refs -->
[npm-v-src]: https://img.shields.io/npm/v/destr?style=flat-square
[npm-v-href]: https://npmjs.com/package/destr
[npm-d-src]: https://img.shields.io/npm/dm/destr?style=flat-square
[npm-d-href]: https://npmjs.com/package/destr
[github-actions-src]: https://img.shields.io/github/workflow/status/unjs/destr/ci/master?style=flat-square
[github-actions-href]: https://github.com/unjs/destr/actions?query=workflow%3Aci
[bundlephobia-src]: https://img.shields.io/bundlephobia/min/destr?style=flat-square
[bundlephobia-href]: https://bundlephobia.com/result?p=destr
Reference in a new issue View git blame Copy permalink