Giter Site home page Giter Site logo

modiimedia / json-typedef-js Goto Github PK

View Code? Open in Web Editor NEW

This project forked from jsontypedef/json-typedef-js

0.0 0.0 0.0 247 KB

A JavaScript / TypeScript implementation of JSON Type Definition

Home Page: https://jsontypedef.com

License: MIT License

TypeScript 97.91% JavaScript 2.09%

json-typedef-js's Introduction

This is a fork of the official json-typedef-js that provides improved ESM support while (hopefully) maintaining compatibility with legacy CommonJS stuff.

jtd: JSON Validation for JavaScript

npm

JSON Type Definition, aka RFC 8927, is an easy-to-learn, standardized way to define a schema for JSON data. You can use JSON Typedef to portably validate data across programming languages, create dummy data, generate code, and more.

This jtd package is a JavaScript / TypeScript implementation of JSON Type Definition. It lets you validate input data against JSON Type Definition schemas. jtd works in Node.js and web browsers.

If you're looking to generate code from schemas, check out "Generating TypeScript from JSON Typedef schemas" in the JSON Typedef docs.

Installation

You can install this package with npm:

npm install jtd

Or with yarn:

yarn add jtd

Documentation

Detailed API documentation is available online at:

https://jsontypedef.github.io/json-typedef-js/index.html

For more high-level documentation about JSON Typedef in general, or JSON Typedef in combination with JavaScript in particular, see:

Basic Usage

Here's an example of how you can use this package to validate JSON data against a JSON Typedef schema:

import { Schema, validate } from "jtd";

// You can leave out the "as Schema" part at the end if you're using JavaScript
// and not TypeScript.
const schema = {
  properties: {
    name: { type: "string" },
    age: { type: "uint32" },
    phones: {
      elements: { type: "string" },
    },
  },
} as Schema;

// jtd.validate returns an array of validation errors. If there were no problems
// with the input, it returns an empty array.

// Outputs: []
console.log(
  validate(schema, {
    name: "John Doe",
    age: 43,
    phones: ["+44 1234567", "+44 2345678"],
  })
);

// This next input has three problems with it:
//
// 1. It's missing "name", which is a required property.
// 2. "age" is a string, but it should be an integer.
// 3. "phones[1]" is a number, but it should be a string.
//
// Each of those errors corresponds to one of the errors returned by validate.

// Outputs:
//
// [
//   { instancePath: [], schemaPath: [ 'properties', 'name' ] },
//   {
//     instancePath: [ 'age' ],
//     schemaPath: [ 'properties', 'age', 'type' ]
//   },
//   {
//     instancePath: [ 'phones', '1' ],
//     schemaPath: [ 'properties', 'phones', 'elements', 'type' ]
//   }
// ]
console.log(
  validate(schema, {
    age: "43",
    phones: ["+44 1234567", 442345678],
  })
);

Advanced Usage: Limiting Errors Returned

By default, jtd.validate returns every error it finds. If you just care about whether there are any errors at all, or if you can't show more than some number of errors, then you can get better performance out of jtd.validate using the maxErrors option.

For example, taking the same example from before, but limiting it to 1 error, we get:

// Outputs:
//
// [ { instancePath: [], schemaPath: [ 'properties', 'name' ] } ]
console.log(
  validate(
    schema,
    {
      age: "43",
      phones: ["+44 1234567", 442345678],
    },
    { maxErrors: 1 }
  )
);

Advanced Usage: Handling Untrusted Schemas

If you want to run jtd against a schema that you don't trust, then you should:

  1. Ensure the schema is well-formed, using jtd.isSchema and jtd.isValidSchema. isSchema does basic "type" checking (and in TypeScript, it acts as a type guard for the Schema type), while isValidSchema validates things like making sure all refs have corresponding definitions.

  2. Call jtd.validate with the maxDepth option. JSON Typedef lets you write recursive schemas -- if you're evaluating against untrusted schemas, you might go into an infinite loop when evaluating against a malicious input, such as this one:

    {
  "ref": "loop",
  "definitions": {
    "loop": {
      "ref": "loop"
    }
  }
}

    The maxDepth option tells jtd.validate how many refs to follow recursively before giving up and throwing jtd.MaxDepthExceededError.

Here's an example of how you can use jtd to evaluate data against an untrusted schema:

import { isSchema, isValidSchema, Schema, validate } from "jtd";

// validateUntrusted returns true if `data` satisfies `schema`, and false if it
// does not. Throws an error if `schema` is invalid, or if validation goes in an
// infinite loop.
function validateUntrusted(schema: unknown, data: unknown): boolean {
  if (!isSchema(schema) || !isValidSchema(schema)) {
    throw new Error("invalid schema");
  }

  // You should tune maxDepth to be high enough that most legitimate schemas
  // evaluate without errors, but low enough that an attacker cannot cause a
  // denial of service attack.
  return validate(schema, data, { maxDepth: 32 }).length === 0;
}

// Returns true
validateUntrusted({ type: "string" }, "foo");

// Returns false
validateUntrusted({ type: "string" }, null);

// Throws "invalid schema"
validateUntrusted({ type: "nonsense" }, null);

// Throws an instance of jtd.MaxDepthExceededError
validateUntrusted(
  {
    ref: "loop",
    definitions: {
      loop: {
        ref: "loop",
      },
    },
  },
  null
);

json-typedef-js's People

Contributors

ucarion avatar joshmossas avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.