Sj.h: A tiny little JSON parsing library in ~150 lines of C99

https://github.com/rxi/sj.h

108•simonpure•1h ago

Comments

EE84M3i•1h ago

This is interesting, but how does this do on the conformance tests?

https://github.com/nst/JSONTestSuite

Lucas_Marchetti•1h ago

Real question, does it manage nested objects ?

morcus•1h ago

It seems so: https://github.com/rxi/sj.h/blob/master/demo%2Fobject.c

Lucas_Marchetti•59m ago

yep but how deep can you parse nested into nested etc

layer8•44m ago

Why don’t you look at the source code, it’s only 150 lines?

The nesting is limited by using an int as the depth counter. The C standard guarantees that MAX_INT is at least 32767, so that’s a limit on portable nesting depth. Nowadays int is typically 32 or 64 bits, so a much higher limit in typical C implementations.

If I see correctly, the library doesn’t check for overflow, however. This might conceivably be an exploitable vulnerability (and such an overflow would constitute UB).

johnisgood•17m ago

Easy to add such checks though.

catlifeonmars•18m ago

You know what would really be useful is a conformance test based on a particular real implementation.

What I mean by this is a subset (superset?) that exactly matches the parsing behavior of a specific target parsing library. Why is this useful? To avoid the class of vulnerabilities that rely on the same JSON being handled differently by two different parsers (you can exploit this to get around an authorization layer, for example).

LegionMammal978•14m ago

It doesn't seem to have much in the way of validation, e.g., it will indiscriminately let you use either ] or } to terminate an object or array. Also, it's more lenient than RFC or json.org JSON in allowing '\v' for whitespace. I'd treat it more as a "data extractor for known-correct JSON". But even then, rolling your own string or number parser could get annoying, unless the producer agrees on a subset of JSON syntax.

adrianN•1h ago

What’s the usecase for something like this? There are lots of excellent libraries for json available. Is this a teaching tool?

p2detar•1h ago

> Zero-allocations with minimal state

Probably this part from the README. For example, you may want something like this when running a service on a device with limited memory.

Snild•1h ago

Small code is easier to review, so projects with strict security requirements might be one?

Also, license compliance is very easy (no notice required).

adsan•1h ago

I suppose it's meant as a minimal library meant to be modded for the specific usecase.

bb88•1h ago

Embedded cpus is an easy one. You could maybe run an api server on a vape now.

flohofwoe•52m ago

Trivial to integrate into an existing code base, minimal size overhead, no heap allocations, no stdlib usage (only stdbool.h and stddef.h included for type definitions), no C++ template shenanigans and very simple and straightforward API. C libraries which tick all those boxes are actually quite rare, and C++ libraries are much rarer.

CyberDildonics•49m ago

A small single file, pure C dependency that doesn't allocate memory can be a universal solution to a common problem if it works well.

elcapitan•41m ago

Being able to parse without a lot of overhead and without allocations is quite interesting. E.g. when you process some massive json dump to just extract some properties (the Wikidata dumps come to mind).

binary132•28m ago

the more the merrier

lioeters•1h ago

What I love about this author's work is that they're usually single-file libraries in ANSI C or Lua with focused scope, easy-to-use interface, and good documentation. And free software license. Aside from the posted project, some I like are:

- log.c - A simple logging library implemented in C99

- microui - A tiny immediate-mode UI library

- fe - A tiny, embeddable language implemented in ANSI C

- microtar - A lightweight tar library written in ANSI C

- cembed - A small utility for embedding files in a C header

- ini - A tiny ANSI C library for loading .ini config files

- json.lua - A lightweight JSON library for Lua

- lite - A lightweight text editor written in Lua

- cmixer - Portable ANSI C audio mixer for games

- uuid4 - A tiny C library for generating uuid4 strings

codr7•58m ago

JSON parser libraries in general is a black hole of suffering imo.

They're either written with a different use case in mind, or a complex mess of abstractions; often both.

It's not a very difficult problem to solve if you only write exactly what you need for your specific use case.

flohofwoe•43m ago

You can't get much more 'opinion-less' than this library though. Iterate over keys and array items, identify the value type and return string-slices.

IshKebab•34m ago

It also feels like only half the job to me. Reminds me of SAX "parsers" that were barely more than lexers.

flohofwoe•29m ago

I mean, what else is there to do when iterating over a JSON file? Delegating number parsing and UNICODE handling to the user can be considered a feature (since I can decide on my own how expensive/robust I want this to be).

skydhash•22m ago

That is what I like Common Lisp libraries. They are mostly about the algorithms, leaving data structures up to the user. So you make sure you got those rights before calling the function.

nicce•21m ago

The project advertises that it has zero-allocations with minimal state. I don’t think it is fair or our problems are very different. Single string, (the most used type), and you need an allocation.

mbac32768•2m ago

It's astonishing how involved a fucking modern JSON library becomes.

The very simple C++ single-header JSON library by nlohmann is now * 13 years old * is still actively merging PRs * has 122 __million__ unit tests

Is self-admittedly still not the fastest possible way to parse JSON in C++

fnord77•52m ago

I can see one bug just glancing at the code - feeding a stray '}' at the top level can result in depth becoming negative

flohofwoe•38m ago

That's detected as an error though?

https://github.com/rxi/sj.h/blob/eb725e0858877e86932128836c1...

layer8•39m ago

The library doesn’t check for signed integer overflow here:

https://github.com/rxi/sj.h/blob/eb725e0858877e86932128836c1...

Certain inputs can therefore trigger UB.

EmilStenstrom•28m ago

Submit a PR!

skydhash•26m ago

There was a nice article [0] about bloated edge cases libraries (discussion [1]).

Sometimes, it's just not the responsibility of the library. Trying to handle every possible errors is a quick way to complexity.

[0]: https://43081j.com/2025/09/bloat-of-edge-case-libraries

[1]: https://news.ycombinator.com/item?id=45319399

layer8•17m ago

The problem in the present case is that the caller is not made aware of the limitation, so can’t be expected to prevent passing unsupported input, and has no way to handle the overflow case after the fact.

skydhash•9m ago

Do you not review libraries you add to your project? A quick scan of the issues page if it's on a forge? Or just reading through the code if it's small enough (or select functions)?

Code is the ultimate specification. I don't trust the docs if the behavior is different from what it's saying (or more often fails to mention). And anything that deals with recursive structures (or looping without a clear counter and checks) is my one of the first candidate for checks.

> has no way to handle the overflow case after the fact.

Fork/Vendor the code and add your assertions.

layer8•7m ago

Obviously I just did review it, and my conclusion was to not use that code.

In the spirit of the article you linked, I’d rather write my own version.

ricardobeat•17m ago

An int will be 32 bits on any non-ancient platform, so this means:

- a JSON file with nested values exceeding 2 billion depth

- a file with more than 2 billion lines

- a line with more than 2 billion characters

layer8•16m ago

All very possible on modern platforms.

Maybe more importantly, I won’t trust the rest of the code if the author doesn’t seem to have the finite range of integer types in mind.

sim7c00•31m ago

this is really nice. i also _must_ use it because my initials are S.J H.. :').

on the more code side, love this, been looking to implement a simple json parser for some projects but this is small enough i can study it and either learn what i need or even use it. lovely!

A General Style Preference for Pronounceable Code (2010)

Pentagon Expands Its Restrictions on Reporter Access

Tale of 'Big Tech' and 'Body Shops': The Real Story Behind Trump's H1B Visa Fee

Per-paycheck impact of a $100K H-1B fee at 10–50% pass-through

Ask HN: What frustrates you most about video conferencing tools?

L.A. tech startups get big cash infusion as Silicon Valley pivots to defense

The Stoogeum

Democrats Must Counter Turning Point

Transforming Recursion into Iteration for LLVM Loop Optimizations

Release and looking for testers for a my platform called GrithPath OS

Writing my own communications library – a worklog of creating Penny part 1

DocumentDB and the Future of Open Source – Tecosystems

Excellent website for accurate image edits

Could Chinese AI threaten Western submarines?

Postfully: Powerful Tools for Content Creators

A Collection of Old English Customs, and Curious Bequests and Charities (1842)

JuicyLinks – LLO – SEO for LLM's

Vice Signalling

Lumo by Proton: AI assistant that respects privacy

SciGPT: A LLM for Scientific Literature Understanding and Knowledge Discovery

Cloudflare's 2025 Annual Founders' Letter

Driving Complex Decisions

Nimble Directory – Discover Nim's ecosystem of libraries and tools

Bad News: The Eurofighter Typhoon Is Obsolete

Estimate the lifetime CO₂ emissions of most UK Cars and Vans

Show HN: I made Android boot on Apple Silicon

Business co-founders are less valuable than they think they are

Show HN: Model-literals, model-aliases, and preference-aligned routing for LLMs

David Commins on Saudi Arabia, Wahhabism, and the Future of the Gulf States

The airliner pilot who gets to fly World War Two's biggest bomber