Show HN: handlejson – Safe JSON parsing without try-catch boilerplate

https://github.com/chintanshah35/handlejson

1•chintanshah35•1h ago

Comments

chintanshah35•1h ago

After years of writing try-catch blocks for every JSON.parse, I built handlejson v1.0.0. It is a zero-dependency, 1.5KB library that eliminates boilerplate while hardening your application against common JSON exploits.

The problem:

  let data
  try {
    data = JSON.parse(str)
  } catch {
    data = null
  }

The solution:

  import { parse } from 'handlejson'
  
  const data = parse(str) // null if invalid, no try-catch needed
  const data = parse(str, { default: {} }) // {} if invalid

Key features:

Hardened Security (Protection against common exploits)

Native JSON.parse is vulnerable to resource exhaustion. handlejson adds:

  maxSize: Blocks memory exhaustion from "JSON bombs."
  maxDepth: Prevents stack overflow from deeply nested objects.
  safeKeys: Automatically blocks prototype pollution (__proto__).

  parse(userInput, {
    maxSize: 10 * 1024 * 1024,
    maxDepth: 100,
    safeKeys: true
  })

High Performance

- Small JSON: 5.2M ops/s - With security checks enabled: 3.4M ops/s - Bundle size: 1.5KB gzipped (Zero dependencies)

Advanced Handling

- Circular References: stringify() handles circular structures automatically.

- Date & BigInt: Automatic serialization and revival without manual revivers.

- Detailed Errors: Precise error position and context instead of "Unexpected token."

- Stream Parsing: Support for parsing large files in chunks.

- Schema Validation: Validate structure without extra dependencies.

- Error Tuples: Get error objects instead of null.

- Validation: Check validity without parsing.

- Format & Minify: Pretty-print or compress JSON.

- Reviver/Replacer: Custom transformation functions (like native JSON).

Reliability:

- 244 tests covering security, streams, and edge cases. - CI/CD tested on Node 18, 20, and 22. - TypeScript-first with full type support.

Blog Post (Deep Dive): https://chintanshah35.hashnode.dev/introducing-handlejson-v1...

GitHub: https://github.com/chintanshah35/handlejson

NPM: https://www.npmjs.com/package/handlejson

More of my work: https://dev.to/chintanshah35

Show HN: BlinkFund – Crowdfunding w Solana Blinks (donate directly from Twitter)

I Test Drove a Chinese EV. Now I Don't Want to Buy American Cars Anymore

Wyoming Introduces First-Ever Foreign Censorship Shield Bill

Deer antler size best predicted by mother's health

I made a website that shows you random cultural moments with zero context

Ask HN: Should a software engineer have research exposure?

Don Lemon interviews Elon Musk (2024) [video]

AI Doubling Time Horizon v1.1

Major Epstein files are now publicly viewable across multiple official archives

Chat Is Going to Eat the World

A free MCU watch tracker with achievements for Avengers: Doomsday

Ask HN: Blocked by YouTube? (Sign in to confirm you're not a bot)

The AI bubble has nothing to do with AI

Dual citizenship could be on the chopping block in America

Ollama Hosts Form Anonymous AI Network Beyond Platform Guardrails

Peerweb: Decentralized website hosting via WebTorrent

OpenClaw: The Rapid Rise

Silver plunges 30% in worst day since 1980, gold tumbles

Riding a C90 through India [video]

What GLP-1s Are Accidentally Teaching Us About Our Brains

The Hitchhiker's Guide to Measuring Engineering ROI

Three thoughts on AI inspired by Clawdbot

The Cost of AI Art

Claude planned the latest NASA Mars Rover drive

Show HN: A Postgres-first platform (opening public beta)

Job Interview Questions for Embedded Systems Developers

Show HN: Synatra – OpenClaw for Teams

New coffee chemicals show promise for managing type 2 diabetes

Apple tops Q1 earnings estimates on record-breaking iPhone sales

Show HN: HN Comment Thread Analysis