133 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
			
		
		
	
	
			133 lines
		
	
	
		
			3.2 KiB
		
	
	
	
		
			Markdown
		
	
	
	
	
	
| # destr
 | |
| 
 | |
| [![npm version][npm-version-src]][npm-version-href]
 | |
| [![npm downloads][npm-downloads-src]][npm-downloads-href]
 | |
| [![bundle][bundle-src]][bundle-href]
 | |
| [![License][license-src]][license-href]
 | |
| 
 | |
| A faster, secure and convenient alternative for [`JSON.parse`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/parse).
 | |
| 
 | |
| ## Usage
 | |
| 
 | |
| ### Node.js
 | |
| 
 | |
| Install dependency:
 | |
| 
 | |
| ```bash
 | |
| # npm
 | |
| npm i destr
 | |
| 
 | |
| # yarn
 | |
| yarn add destr
 | |
| 
 | |
| # pnpm
 | |
| pnpm i destr
 | |
| ```
 | |
| 
 | |
| Import into your Node.js project:
 | |
| 
 | |
| ```js
 | |
| // ESM
 | |
| import { destr, safeDestr } from "destr";
 | |
| 
 | |
| // CommonJS
 | |
| const { destr, safeDestr } = require("destr");
 | |
| ```
 | |
| 
 | |
| ### Deno
 | |
| 
 | |
| ```js
 | |
| import { destr, safeDestr } from "https://deno.land/x/destr/src/index.ts";
 | |
| 
 | |
| console.log(destr('{ "deno": "yay" }'));
 | |
| ```
 | |
| 
 | |
| ## Why?
 | |
| 
 | |
| ### ✅ Type Safe
 | |
| 
 | |
| ```ts
 | |
| const obj = JSON.parse("{}"); // obj type is any
 | |
| 
 | |
| const obj = destr("{}"); // obj type is unknown by default
 | |
| 
 | |
| const obj = destr<MyInterface>("{}"); // obj is well-typed
 | |
| ```
 | |
| 
 | |
| ### ✅ Fast fallback to input if is not string
 | |
| 
 | |
| ```js
 | |
| // Uncaught SyntaxError: Unexpected token u in JSON at position 0
 | |
| JSON.parse();
 | |
| 
 | |
| // undefined
 | |
| destr();
 | |
| ```
 | |
| 
 | |
| ### ✅ Fast lookup for known string values
 | |
| 
 | |
| ```js
 | |
| // Uncaught SyntaxError: Unexpected token T in JSON at position 0
 | |
| JSON.parse("TRUE");
 | |
| 
 | |
| // true
 | |
| destr("TRUE");
 | |
| ```
 | |
| 
 | |
| ### ✅ Fallback to original value if parse fails (empty or any plain string)
 | |
| 
 | |
| ```js
 | |
| // Uncaught SyntaxError: Unexpected token s in JSON at position 0
 | |
| JSON.parse("salam");
 | |
| 
 | |
| // "salam"
 | |
| destr("salam");
 | |
| ```
 | |
| 
 | |
| **Note:** This fails in safe/strict mode with `safeDestr`.
 | |
| 
 | |
| ### ✅ Avoid prototype pollution
 | |
| 
 | |
| ```js
 | |
| const input = '{ "user": { "__proto__": { "isAdmin": true } } }';
 | |
| 
 | |
| // { user: { __proto__: { isAdmin: true } } }
 | |
| JSON.parse(input);
 | |
| 
 | |
| // { user: {} }
 | |
| destr(input);
 | |
| ```
 | |
| 
 | |
| ### ✅ Strict Mode
 | |
| 
 | |
| When using `safeDestr` it will throw an error if the input is not a valid JSON string or parsing fails. (non string values and built-ins will be still returned as-is)
 | |
| 
 | |
| ```js
 | |
| // Returns "[foo"
 | |
| destr("[foo");
 | |
| 
 | |
| // Throws an error
 | |
| safeDestr("[foo");
 | |
| ```
 | |
| 
 | |
| ## Benchmarks
 | |
| 
 | |
| `destr` is faster generally for arbitrary inputs but also sometimes little bit slower than `JSON.parse` when parsing a valid JSON string mainly because of transform to avoid [prototype pollution](https://learn.snyk.io/lessons/prototype-pollution/javascript/) which can lead to serious security issues if not being sanitized. In the other words, `destr` is better when input is not always a JSON string or from untrusted source like request body.
 | |
| 
 | |
| Check [Benchmark Results](./BENCH.md) or run with `pnpm run bench:node` or `pnpm run bench:bun` yourself!
 | |
| 
 | |
| ## License
 | |
| 
 | |
| MIT. Made with 💖
 | |
| 
 | |
| <!-- Badges -->
 | |
| 
 | |
| [npm-version-src]: https://img.shields.io/npm/v/destr?style=flat&colorA=18181B&colorB=F0DB4F
 | |
| [npm-version-href]: https://npmjs.com/package/destr
 | |
| [npm-downloads-src]: https://img.shields.io/npm/dm/destr?style=flat&colorA=18181B&colorB=F0DB4F
 | |
| [npm-downloads-href]: https://npmjs.com/package/destr
 | |
| [bundle-src]: https://img.shields.io/bundlephobia/minzip/destr?style=flat&colorA=18181B&colorB=F0DB4F
 | |
| [bundle-href]: https://bundlephobia.com/result?p=destr
 | |
| [license-src]: https://img.shields.io/github/license/unjs/destr.svg?style=flat&colorA=18181B&colorB=F0DB4F
 | |
| [license-href]: https://github.com/unjs/destr/blob/main/LICENSE
 |