Similar to #41 we could add support for Symbols via toString and is-symbol.

> const safeStringify = require('fast-safe-stringify')
undefined
> safeStringify({ foo: 'bar', [Symbol.for('axe.silent')]: true });
'{"foo":"bar"}'
> safeStringify({ foo: 'bar', [Symbol.for('axe.silent').toString()]: true });
'{"foo":"bar","Symbol(axe.silent)":true}'

Me again. Seeing the above error since I started using your library for www.videomail.io

Happens on this user agent

{
 "userAgent": "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.186 Safari/537.36"
}

I think this has been thrown at this or near this line within the decirc fn
https://github.com/davidmarkclements/fast-safe-stringify/blob/master/index.js#L28

as titled.

Could you please make a feature for maxStringLength in order to trimm just the strings for a given length(like in utils), it would be a great addition to this module

Hi there!

We've found an issue when calling the stringify function where there are circular references in a getter.

Example:

const fastSafeStringify = require('fast-safe-stringify')

const o = {
  a: 1,
  get self() {
    return o
  },
}

console.log(fastSafeStringify(o))

Which throws the following error:

/Users/kristofferostlund/dev/logger-node/examples/node_modules/fast-safe-stringify/index.js:11
  var res = JSON.stringify(obj, replacer, spacer)
                 ^

TypeError: Converting circular structure to JSON
    at JSON.stringify (<anonymous>)
    at stringify (/Users/kristofferostlund/dev/logger-node/examples/node_modules/fast-safe-stringify/index.js:11:18)
    at Object.<anonymous> (/Users/kristofferostlund/dev/logger-node/examples/circular-meta-example.js:57:13)
    at Module._compile (module.js:653:30)
    at Object.Module._extensions..js (module.js:664:10)
    at Module.load (module.js:566:32)
    at tryModuleLoad (module.js:506:12)
    at Function.Module._load (module.js:498:3)
    at Function.Module.runMain (module.js:694:10)
    at startup (bootstrap_node.js:204:16)

Would be useful if this lib gracefully handled native bigint values.

Could simply toString() them

Because you use const in your source.

Dont want to force global babelification due to bad performance.

Maybe can add this in your package.json?

{
  "browserify": {
    "transform": ["babelify"]
  }
}

See:
https://github.com/babel/babelify#why-arent-files-in-node_modules-being-transformed

Whenever I try to use fast-safe-stringify with a Mongoose Object, I get the error "this.$__path is not a function". I tried investigating exactly what is it in mongoose documents that cause this but couldn't find anything.

JSON.stringify() works with mongoose objects just fine.

I'm using the newest version of both packages:
fast-safe-stringify: 2.0.6,
mongoose: 8.6.8,
node: 10.16.1

The follow example returns undefined:

import safeStringify from "fast-safe-stringify";
safeStringify(undefined) // -> returns undefined

But the type definition only specifies string as return type, we should update it to string | undefined instead.

In usage, this has the potential to blow up an application with really hard to trace errors.

Because you are modifying the object itself, if that object has references to anything that needs to remain unmodified and this lib removes it from the object, you can potentially crash the application. For example, serializing the response from a server when the response object contains a reference to the server itself.

Spent a few days tracking this down in my own app.

I have type: module in package.json

Now I am using

import safeStringify from 'fast-safe-stringify';

and

safeStringify.default(incident)

I would prefer to hide this .defaut in the library code so it should be built as esm and cjs version.

Hi there,

it seems that the library is still having issues handling circularity and objects with a toJSONmethod.

The latest version (1.1.11) does help a bit with this problem but it's still breaking when the children provides a toJSON method.

The following test provides more details.

Thanks.

const fss = require('fast-safe-stringify')
const assert = require('assert')

// Create a test object that has an overriden `toJSON` property
TestObject.prototype.toJSON = function () { return { special : 'case' } }
function TestObject (content) {}

// Creating a simple circular object structure
const parentObject = {}
parentObject.childObject = new TestObject()
parentObject.childObject.parentObject = parentObject

// Creating a simple circular object structure
const otherParentObject = new TestObject()
otherParentObject.otherChildObject = {}
otherParentObject.otherChildObject.otherParentObject = otherParentObject

// Making sure our original tests work
assert.deepEqual(parentObject, { childObject : { parentObject } })
assert.deepEqual(otherParentObject, { otherChildObject : { otherParentObject } })

// Should both be idempotent
assert.equal(fss(parentObject), '{"childObject":{"special":"case"}}')
assert.equal(fss(otherParentObject), '{"special":"case"}')

// Therefore the following assertion should be `true`
assert.deepEqual(parentObject, { childObject : { parentObject } }) // Still fails on 1.1.11
assert.deepEqual(otherParentObject, { otherChildObject : { otherParentObject } }) // Fails on < 1.1.11

npm WARN tarball tarball data for fast-safe-stringify@https://registry.npmjs.org/fast-safe-stringify/-/fast-safe-stringify-2.0.8.tgz (sha512-lXatBjf3WPjmWD6DpIZxkeSsCOwqI0maYMpgDlx8g4U2qi4lbjA9oH/HD2a87G+KfsUmo5WbJFmqBZlPxtptag==) seems to be corrupted. Trying again.

I am using following dependencies :-

Error:-

see #10

Something that we've noticed is that the arr value is shared globally.

https://github.com/davidmarkclements/fast-safe-stringify/blob/master/index.js#L6

We run a bunch of low priority processes in parallel that all use safeStringify and have built in "pauses" to allow other high priority processes to use the main thread. This is leading to odd behavior since all the safeStringify's use the same arr object. There are a number of potential solutions to this that we could help to implement, but curious if you have any thoughts or preferred approaches?

One of our users has reported a somewhat weird issue - our app was crashing on a cross-origin frame that was contained somewhere in the object passed to the fast-safe-stringify.

After some debugging I've discovered that the issue is caused by the fact that even before calling the replacer function this window object throws on the internal obj.toJSON access. And the problem is... that we can't even easily supply a custom replacer to work around this because it won't see the value soon enough. We'd have to scan all the properties of the parent object, inspect their values and replace the window object there. This solution would drastically increase the amount of work needed to stringify all objects so I'm not super keen on doing this in our library.

The problem sort of can be showcased by this simplified version here:

JSON.stringify(
  {
    a: 1,
    b: {
      toJSON() {
        console.log('toJSON called');
        throw new Error("Oops");
      },
    },
  },
  (key, value) => {
    console.log({ key, value });
    return value;
  }
);

This results in this being logged:

{key: '', value: {…}}
{key: 'a', value: 1}
toJSON called

As we may see - the b key is never observed because toJSON is called first and it throws. In the original issue, this already throws on property access, I imagine that on logic like this 'toJSON' in obj.

And this simplified example showcases the problem quite accurately, even though it doesn't use this library. This is because at the end of the day... you are still using JSON.stringify under the hood:

I'm not sure if you should fix this... this would be quite nice for me and I could help in fixing this. But I'm not sure how to best approach this one - this would probably require attaching a fake toJSON to all objects (or even everything?), implementing proper try/catch in it, returning the original value so it could be handled by the replacer and then removing the fake toJSON from the mutated object 😬

I'm opening this issue to see if you have any better ideas on how this could be handled. And for posterity, since somebody might run into this too.

Like errors from GOT that have properties that are not returned by Object.keys.
How about using Object.getOwnPropertyNames in 'decirc' ?

And JSON.stringify do go over those properties

https://stackoverflow.com/questions/18277890/why-cant-i-see-the-keys-of-an-error-object

Safe ... sounds a little bit like canonical, so just wanted to check whether it implements the safe guarantees as this package:

https://www.npmjs.com/package/canonical-json

Just installed some dependencies that include a lenient semver string for this package. The depth limit made my app break in strange ways, wasn't really expecting [...] to start showing up in my REST calls. The depth limit is a neat feature, but probably shouldn't have a default value.

Hi, in the latest release you're introducing defaultLimits which haven't existed before: v2.0.8...v2.1.0#diff-e727e4bdf3657fd1d798edcd6b099d6e092f8573cba266154583a746bba0f346R22

This might break the Internet because of superagent lib using safe-fast-stringify ^2.0.7 and not providing any limits to the stringify method.

In ladjs/superagent@2e5d6fd the Superagent library changed from using JSON.stringify to using fast-safe-stringify for it's default object serializer when sending JSON data.

We use Sequelize for our ORM. Sequelize uses their own custom object structure, which supports a .toJSON call.

When Superagent was using JSON.stringify, that called the .toJSON method on our Sequelize objects, properly converting them to JSON. However, with the change to fast-safe-stringify, .toJSON is no longer called, even if it exists.

I'm not sure how to provide a copy of the object in question since getting its JSON representation is unlikely to be helpful, since all the Sequelize specifics are stripped from that.

Is there a reason this library does not call .toJSON if it exists?

Hello,
I got this error with tslint. The below code still work but I got the error warning with tslint.

[ts] Cannot invoke an expression whose type lacks a call signature. Type 'typeof import("../node_modules/fast-safe-stringify/index' has no compatible call signatures.

Here is my code

const stringify = require('fast-safe-stringify');
const info = { message: 'Message from John...' };
console.log(stringify(info));

• fast-safe-stringify: v2.0.4
• tslint: v5.10.0
• Typescript: 2.9.2

I'm looking for a JSON stringify function and am doubting between these two packages:

• fast-json-stringify
• fast-safe-stringify

Is it possible to add some comparison and/or benchmarks between these two?

As far as I see it the current benchmarks are not ideal. It would be great to have something similar like the Node.js benchmarks where they are over and over and a significance is shown as well. Something similar is done when using https://www.npmjs.com/package/benchmark.

Should we switch to that?