Gathering detailed insights and metrics for nimma
Gathering detailed insights and metrics for nimma
Gathering detailed insights and metrics for nimma
Gathering detailed insights and metrics for nimma
npm install nimma
Module System
Min. Node Version
Typescript Support
Node Version
NPM Version
14 Stars
129 Commits
7 Forks
2 Watching
2 Branches
3 Contributors
Updated on 17 Nov 2024
JavaScript (99.88%)
Shell (0.12%)
Cumulative downloads
Total Downloads
Last day
-8.1%
129,127
Compared to previous day
Last week
-0.2%
726,313
Compared to previous week
Last month
13.3%
2,914,152
Compared to previous month
Last year
72.9%
25,392,679
Compared to previous year
1
JSON Path expressions? I mog nimma, aba naja. :trollface:
Skypack - recommended for Deno and browsers. Works with Node.js as well if you supply a custom module loader.
Package manager
1yarn add nimma
or if npm is the package manager of your choice
1npm install nimma --save
1import Nimma from 'nimma'; 2 3const document = { 4 info: { 5 title: 'Example API', 6 version: '1.0.0', 7 contact: { 8 name: 'API Support', 9 url: 'http://www.example.com/support', 10 email: '', 11 }, 12 }, 13 paths: { 14 '/users': { 15 get: { 16 summary: 'Returns a list of users.', 17 operationId: 'getUsers', 18 responses: { 19 200: { 20 description: 'OK', 21 }, 22 }, 23 }, 24 post: { 25 summary: 'Creates a new user.', 26 operationId: 'createUser', 27 responses: { 28 200: { 29 description: 'OK', 30 }, 31 }, 32 }, 33 put: { 34 summary: 'Updates a user.', 35 operationId: 'updateUser', 36 responses: { 37 200: { 38 description: 'OK', 39 }, 40 }, 41 }, 42 }, 43 }, 44}; 45 46const query = Nimma.query(document, { 47 '$.info'({ path, value }) { 48 console.log(path, value); 49 }, 50 '$.info.contact'({ path, value }) { 51 console.log(path, value); 52 }, 53 '$.paths[*][get,post]'({ path, value }) { 54 console.log(path, value); 55 }, 56}); 57 58// a given instance can be re-used to traverse another document 59query({ 60 info: { 61 title: 'Example API', 62 version: '2.0.0', 63 contact: { 64 email: '', 65 }, 66 }, 67});
Nimma can also generate a JS code that can be used to traverse a given JSON document.
1import Nimma from 'nimma'; 2import * as fs from 'node:fs/promises'; 3 4const nimma = new Nimma( 5 ['$.info', '$.info.contact', '$.servers[:5]', '$.paths[*][*]'], 6 { 7 module: 'esm', // or 'cjs' for CommonJS. 'esm' is the default value 8 }, 9); 10 11// for esm 12await fs.writeFile('./nimma-code.mjs', nimma.sourceCode); 13 14// for cjs 15await fs.writeFile('./nimma-code.cjs', nimma.sourceCode); 16 17// You can also use the code directly 18nimma.query(document, { 19 // You need to provide a callback for each JSON Path expression 20 '$.info'({ path, value }) { 21 console.log(path, value); 22 }, 23 '$.info.contact'({ path, value }) { 24 console.log(path, value); 25 }, 26 '$.servers[:5]'({ path, value }) { 27 console.log(path, value); 28 }, 29 '$.paths[*][*]'({ path, value }) { 30 console.log(path, value); 31 }, 32});
Once the code is written to the file, you can use it as follows:
1import query from './nimma-code.mjs'; // or const query = require('./nimma-code.cjs'); 2 3query(document, { 4 // You need to provide a callback for each JSON Path expression 5 '$.info'({ path, value }) { 6 console.log(path, value); 7 }, 8 '$.info.contact'({ path, value }) { 9 console.log(path, value); 10 }, 11 '$.servers[:5]'({ path, value }) { 12 console.log(path, value); 13 }, 14 '$.paths[*][*]'({ path, value }) { 15 console.log(path, value); 16 }, 17});
At the time the first version of Nimma was released, the JSONPath specification was non-existent. As such, Nimma was designed to be reasonably close to the already widely available JS implementations, specifically JSONPath-plus, with some differences. Today, in 2024, there is a draft available that aims to standardize JSONPath. Once the specification is finalized, Nimma will use it as the reference point and will be updated accordingly.
That being said, regardless of the chosen specification, there are a few caveats that may remain in place. One should bear in mind them in mind when using Nimma.
Nimma does not guarantee to respect the order specified by JSONPath expression. The JSONPath expression generally defines the sequence in which the results should be presented, but results provided by Nimma will vary depending on the JSON Path expressions provided. The order of results is usually tied to the order in which the document is traversed, albeit this is not always the case.
The tradeoffs listed below, while negligible in most scenarios, may be potential limitations for some use cases and should be taken into consideration.
To better illustrate it, let's use the following code as an example.
1import Nimma from 'nimma'; 2 3Nimma.query( 4 [ 5 [ 6 { 7 name: 'Raspberry', 8 }, 9 { 10 name: 'Strawberry', 11 }, 12 ], 13 [ 14 { 15 name: 'Orange', 16 }, 17 { 18 name: 'Lemon', 19 }, 20 { 21 name: 'Tangerine', 22 }, 23 ], 24 ], 25 { 26 '$[*][1,0,2].name'(result) { 27 console.log(result.value); 28 }, 29 }, 30);
Running the code above will output "Strawberry"
, "Raspberry"
, "Lemon"
, "Orange"
, "Tangerine"
, which is fully in line with the expectations. In that particular case, Nimma knows the JSON Path expression is static and is able to optimize the traversal. As such, the order of the results is preserved.
However, adding another dependency may affect that optimization, and the order of the results may change.
1import Nimma from 'nimma'; 2 3Nimma.query( 4 [ 5 [ 6 { 7 name: 'Raspberry', 8 }, 9 { 10 name: 'Strawberry', 11 }, 12 ], 13 [ 14 { 15 name: 'Orange', 16 }, 17 { 18 name: 'Lemon', 19 }, 20 { 21 name: 'Tangerine', 22 }, 23 { 24 name: 'Lime', 25 }, 26 ], 27 ], 28 { 29 '$[*][1,0,2].name'(result) { 30 console.log(result.value); 31 }, 32 '$[*][*].name'(result) {}, 33 }, 34);
The above JSON Path expression is still static, but due to another wildcard selector $[*][*]
, Nimma now needs to adjust the assumptions leading to "Strawberry"
, "Raspberry"
, "Lemon"
, "Orange"
, "Tangerine"
being printed, as this is the order of the traversal in the given situation.
Nimma will match each value exactly once for each JSONPath expression. This means that certain expressions that potentially match multiple values, such as $[*,*]
will only match N nodes instead of 2N.
Expanding a bit on the aforementioned caveats, one can already tell that Nimma, although being yet-another-json-path query engine, is rather considerably different from its JS counterparts in its design and purpose.
Nimma is meant to work on many JSONPath expressions at once, while other libraries such as JSONPath-plus or jsonpath are generally meant to operate on a single expression at a time, which in certain circumstances may mean you need to traverse the entire object a few times. Nimma tries to avoid that and traverses the object only once regardless of the number of expressions provided.
The query
method on Nimma does not return an array of matched values. Instead, it is a callback-based API that expects you to process the results as they come.
On top of that, unlike jsonpath-plus, Nimma script filter expressions more strictly.
This is mostly thanks to jsep that Nimma is equipped with, as well as a set of additional enforcements.
Due to that, it's not possible to reference any object or function, even if it exists in the given environment.
For instance, $[?(Array.isArray(@)]
will throw an exception, same as $[(?Object.prototype = {})]
, etc.
As a result, it's generally safer to execute these expressions, however there's no security guarantee here by any means,
and therefore it's still advisable to run Nimma in an isolated environment if JSONPath expressions cannot be trusted.
Nimma is generally pretty compatible with JSONPath-plus and can be used as a replacement in many situations. In fact, we have a test suite that checks Nimma against JSONPath-plus own test cases, and it passes in the majority of cases.
The disabled tests in are the scenarios that are not supported by Nimma. You should also be aware of the caveats mentioned in the Caveats section, as that's also a difference between Nimma and JSONPath-plus.
Nimma consists of 3 major components. These are:
nimma/parser
,Parser takes a JSON Path expression and generates an AST that's consumed by the codegen in the next step. Nimma has its own JSON Path expression parser that's different from all remaining ones, thus some there might be instances where Nimma will parse a given expression differently than JSONPath-plus or jsonpath.
Codegen is a two-step process:
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
Reason
2 existing vulnerabilities detected
Details
Reason
5 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 5
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
Reason
Found 0/30 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
Reason
no SAST tool detected
Details
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
Reason
project is not fuzzed
Details
Score
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More