Gathering detailed insights and metrics for json
Gathering detailed insights and metrics for json
Gathering detailed insights and metrics for json
Gathering detailed insights and metrics for json
A "json" command for massaging JSON on your Unix command line.
npm install json
Typescript
Module System
Min. Node Version
Node Version
NPM Version
99.2
Supply Chain
99.6
Quality
75.9
Maintenance
100
Vulnerability
100
License
JavaScript (68.55%)
Perl (24.15%)
Makefile (3.26%)
Python (3.02%)
Shell (1.02%)
Total Downloads
35,308,360
Last Day
33,530
Last Week
311,324
Last Month
1,241,351
Last Year
8,143,942
NOASSERTION License
1,558 Stars
356 Commits
121 Forks
28 Watchers
11 Branches
13 Contributors
Updated on Jun 23, 2025
Minified
Minified + Gzipped
Latest Version
11.0.0
Package Id
json@11.0.0
Unpacked Size
122.37 kB
Size
35.90 kB
File Count
8
NPM Version
6.14.8
Node Version
10.23.0
Cumulative downloads
Total Downloads
Last Day
2.9%
33,530
Compared to previous day
Last Week
-1.9%
311,324
Compared to previous week
Last Month
24.2%
1,241,351
Compared to previous month
Last Year
38.8%
8,143,942
Compared to previous year
json
is a fast CLI tool for working with JSON. It is a single-file node.js
script with no external deps (other than
node.js itself). A quick taste:
$ echo '{"foo":"bar"}' | json
{
"foo": "bar"
}
$ echo '{"foo":"bar"}' | json foo
bar
$ echo '{"fred":{"age":42}}' | json fred.age # '.' for property access
42
$ echo '{"age":10}' | json -e 'this.age++'
{
"age": 11
}
# `json -ga` (g == group, a == array) for streaming mode
$ echo '{"latency":32,"req":"POST /widgets"}
{"latency":10,"req":"GET /ping"}
' | json -gac 'this.latency > 10' req
POST /widgets
Features:
-e
and -c
options)-ga
)See https://trentm.com/json for full docs and examples as a man page.
Follow @trentmick for updates to json.
Get node.
npm install -g json
Note: This used to be called 'jsontool' in the npm registry, but as of version 8.0.0 it has taken over the 'json' name. See npm Package Name below.
OR manually:
Get the 'json' script and put it on your PATH somewhere (it is a single file with no external dependencies). For example:
cd ~/bin
curl -L https://github.com/trentm/json/raw/master/lib/json.js > json
chmod 755 json
You should now have "json" on your PATH:
$ json --version
json 9.0.0
WARNING for Ubuntu/Debian users: There is a current bug in Debian stable
such that "apt-get install nodejs" installed a nodejs
binary instead of a
node
binary. You'll either need to create a symlink for node
, change the
json
command's shebang line to "#!/usr/bin/env nodejs" or use
chrislea's PPA as
discussed on issue #56. You can also do "apt-get install nodejs-legacy" to install symlink for node
with apt.
make test
You can also limit (somewhat) which tests are run with the TEST_ONLY
envvar,
e.g.:
cd test && TEST_ONLY=executable nodeunit test.js
I test against node 0.4 (less so now), 0.6, 0.8, and 0.10.
MIT (see the fine LICENSE.txt file).
Since v1.3.1 you can use "json" as a node.js module:
var json = require('json');
However, so far the module API isn't that useful and the CLI is the primary focus.
Once upon a time, json
was a different thing (see zpoley's json-command
here), and this module was
called jsontool
in npm. As of version 8.0.0 of this module, npm install json
means this tool.
If you see documentation referring to jsontool
, it is most likely
referring to this module.
7.2/10
Summary
trentm/json vulnerable to command injection
Affected Versions
< 10.0.0
Patched Versions
10.0.0
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
dependency not pinned by hash detected -- score normalized to 3
Details
Reason
Found 6/30 approved changesets -- score normalized to 2
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Reason
branch protection not enabled on development/release branches
Details
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
Reason
16 existing vulnerabilities detected
Details
Score
Last Scanned on 2025-06-23
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More