Secure drop-in replacement for the `JSON` global with prototype pollution protection

supercharge/json

JSON

Secure drop-in replacement for the global `JSON` object with prototype pollution protection


Follow @marcuspoehls and @superchargejs for updates!


Introduction

The @supercharge/json package is a drop-in replacement for the global JSON object. It protects JSON parsing against prototype pollution attacks.

Installation

npm i @supercharge/json

Usage

Using @supercharge/json is pretty straightforward. Use it the same way as you would use the JSON object:

const JSON = require('@supercharge/json')

const user = JSON.parse('{"name":"Supercharge"}')
// { name: 'Supercharge' }

// the "__proto__" and "constructor.prototype" keys are removed from the parsed result
const sanitized = JSON.parse('{"name":"Supercharge", "__proto__": { "x": 1 }, "constructor": {"prototype": {"bar": "baz"} } }')
// { name: 'Supercharge' }

const json = JSON.stringify({ name: 'Supercharge' })
// '{"name":"Supercharge"}'
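
Why this filtering matters, as an added example that is not taken from the package's source: the native `JSON.parse` stores `"__proto__"` as an ordinary own key, and a later copy with `Object.assign` turns that key into the copy's prototype. The names `scrub`, `safeParse` and `demo` are hypothetical, and the filtering rule is an assumption modelled on the Usage output above.

```javascript
// Added example; not the source code of @supercharge/json.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key)
const isObject = (v) => v !== null && typeof v === 'object'

// Assumed rule: drop every "__proto__" key, and every "constructor" key whose
// value is an object carrying a "prototype" key. Applied at every nesting level.
function scrub (value) {
  if (!isObject(value)) return value
  if (Array.isArray(value)) return value.map((item) => scrub(item))

  const clean = {}
  for (const key of Object.keys(value)) {
    if (key === '__proto__') continue
    const child = value[key]
    if (key === 'constructor' && isObject(child) && hasOwn(child, 'prototype')) continue
    clean[key] = scrub(child)
  }
  return clean
}

// Parse with the native parser first, then strip the dangerous keys.
function safeParse (text, reviver) {
  return scrub(JSON.parse(text, reviver))
}

// Constructed sample input with the same shape as the README's Usage example.
const SAMPLE = '{"name":"Supercharge","__proto__":{"isAdmin":true},' +
  '"constructor":{"prototype":{"bar":"baz"}}}'

function demo () {
  const raw = JSON.parse(SAMPLE)
  // Object.assign writes with [[Set]], so the own "__proto__" key reaches the
  // __proto__ setter and replaces the prototype of the copy.
  const copyOfRaw = Object.assign({}, raw)
  const copyOfSafe = Object.assign({}, safeParse(SAMPLE))

  return {
    rawHasOwnProto: hasOwn(raw, '__proto__'), // the key survives native parsing
    inheritedFromRaw: copyOfRaw.isAdmin,      // property the copy never owned
    inheritedFromSafe: copyOfSafe.isAdmin,    // nothing inherited after scrub
    safeKeys: Object.keys(safeParse(SAMPLE))
  }
}

console.log(demo())
```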

Contributing

Do you miss a function? We very much appreciate your contribution! Please send in a pull request 😊

  1. Create a fork
  2. Create your feature branch: git checkout -b my-feature
  3. Commit your changes: git commit -am 'Add some feature'
  4. Push to the branch: git push origin my-feature
  5. Submit a pull request 🚀

License

MIT © Supercharge


superchargejs.com  ·  GitHub @supercharge  ·  Twitter @superchargejs