Gathering detailed insights and metrics for node-jq
Gathering detailed insights and metrics for node-jq
Installations
npm install node-jqDeveloper
sanack
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
>= 18
Typescript Support
Yes
Node Version
22.4.1
NPM Version
9.8.1
Statistics
277 Stars
558 Commits
51 Forks
6 Watching
28 Branches
30 Contributors
Updated on 25 Nov 2024
Bundle Size
67.03 kB
Minified
16.05 kB
Minified + Gzipped
Languages
TypeScript (80.03%)
JavaScript (19.97%)
Total Downloads
Cumulative downloads
Total Downloads
7,207,444
Last day
-12%
10,899
Compared to previous day
Last week
1.5%
64,233
Compared to previous week
Last month
7%
270,545
Compared to previous month
Last year
28.5%
2,411,782
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dependencies
5
Dev Dependencies
33
@arkweid/lefthook@semantic-release/changelog@semantic-release/commit-analyzer@semantic-release/github@semantic-release/npm@semantic-release/release-notes-generator@swc-node/register@swc/cli@swc/core@tsconfig/node18@tsconfig/strictest@types/chai@types/eslint@types/is-valid-path@types/mocha@types/node@types/strip-final-newline@typescript-eslint/eslint-plugin@typescript-eslint/parserchaicodeclimate-test-reporterconventional-changelog-conventionalcommitscopyfileseslinteslint-config-prettiereslint-plugin-prettiermochanycprettiersemantic-releasesnazzytypescriptvalidate-commit-msg
Versions
node-jq is a Node.js wrapper for jq - a lightweight and flexible command-line JSON processor
Installation
1$ npm install node-jq --save 2# or 3$ yarn add node-jq
Fast
You can use jq directly after installing it:
1npx node-jq '.foo' package.json
Advanced installation
By default, node-jq downloads jq during the installation process with a post-install script. Depending on your SO downloads from [https://github.com/jqlang/jq/releases] into ./node_modules/node-jq/bin/jq to avoid colisions with any global installation. Check #161 #167 #171 for more information. You can safely rely on this location for your installed jq, we won't change this path without a major version upgrade.
If you want to skip the installation step of jq, you can set NODE_JQ_SKIP_INSTALL_BINARY to true or ignore the post-install script from the installation npm install node-jq --ignore-scripts.
1export NODE_JQ_SKIP_INSTALL_BINARY=true 2npm install node-jq
1npm install node-jq --ignore-scripts
Usage
jq example
Usually in your CLI using jq:
1jq ".abilities[].moves" bulbasaur.json
and you get
1{ 2 "name": "heartgold-soulsilver", 3 "power": "10" 4} 5{ 6 "name": "platinum", 7 "power": "50" 8} 9{ 10 "name": "diamond-pearl", 11 "power": "99" 12}
node-jq equivalent
With node-jq you could run it programmatically and interact with the output as a JavaScript Object:
NOTE: Take care of the filter that you are using with
jq, mapping an array or any other iterative output isn't a valid JavaScript Object, that might fail at parse-time.
1const jq = require('node-jq') 2 3const filter = '.abilities[].moves' 4const jsonPath = '/path/to/bulbasaur.json' 5const options = {} 6 7jq.run(filter, jsonPath, options) 8 .then((output) => { 9 console.log(output) 10 /* 11 { 12 "name": "heartgold-soulsilver", 13 "power": "10" 14 }, 15 { 16 "name": "platinum", 17 "power": "50" 18 }, 19 { 20 "name": "diamond-pearl", 21 "power": "99" 22 } 23 */ 24 }) 25 .catch((err) => { 26 console.error(err) 27 // Something went wrong... 28 })
Options
path to jq binary
By default, the jq binary installed with the package is used. If you have special needs or want to use another binary in a different
path you can set the environment variable JQ_PATH to override the binary path.
input
| Description | Type | Values | Default |
|---|---|---|---|
| Type of input | string | 'file', 'json', 'string' | 'file' |
input: 'file'
Run the jq query against a JSON file.
1jq.run('.', '/path/to/file.json').then(console.log) 2// { "foo": "bar" }
input: 'file' with multiple files
Run jq query against multiple JSON files.
1jq.run('.', ['/path/to/file.json','path/to/other_file.json']).then(console.log) 2// { "foo": "bar" } 3// { "otherFoo": "andBar" }
input: 'json'
Run the jq query against an Object.
1jq.run('.', { foo: 'bar' }, { input: 'json' }).then(console.log) 2// { "foo": "bar" } 3
input: 'string'
Run the jq query against a String.
1jq.run('.', '{ foo: "bar" }', { input: 'string' }).then(console.log) 2// { "foo": "bar" }
output
| Description | Values | Default |
|---|---|---|
| Type of output | 'pretty', 'json', 'compact', 'string' | 'pretty' |
output: 'pretty'
Return the output as a String.
1jq.run('.', '/path/to/file.json', { output: 'string' }).then(console.log) 2// { 3// "foo": "bar" 4// }
output: 'json'
Return the output as an Object.
1jq.run('.', '/path/to/file.json', { output: 'json' }).then(console.log) 2// { foo: 'bar' }
output: 'compact'|'string'
Return the output as a String.
1jq.run('.', '/path/to/file.json', { output: 'compact' }).then(console.log) 2// {"foo":"bar"} 3jq.run('.', '/path/to/file.json', { output: 'string' }).then(console.log) 4// {"foo":"bar"}
slurp
| Description | Values | Default |
|---|---|---|
| Read input stream into array | true, false | false |
slurp: true
Read input stream into array.
1jq.run('.', ['/path/to/file.json','/path/to/other_file.json'], { output: 'json', slurp: true }).then(console.log) 2// [ 3// { 4// "foo": "bar" 5// }, 6// { 7// "otherFoo": "andBar" 8// } 9// ]
sort
| Description | Values | Default |
|---|---|---|
| Sort object keys in alphabetical order | true, false | false |
sort: true
Sorts object keys alphabetically.
1jq.run('.', ['/path/to/file.json'], { output: 'json', sort: true }).then(console.log) 2// { 3// "a": 2, 4// "b": 1 5// },
args
| Description | Values | Default |
|---|---|---|
| Send custom args to the jq command | [object] | undefined |
args: { myfruit: { hello: 'orange'}, myfruit2: "banana" }
Adds the --argjson myfruit "{ 'hello': 'orange' }" --arg myfruit2 orange arguments to the internal jq command
1jq.run('{"fruit":$myfruit,"fruit2":$myfruit2}', ['/path/to/file.json'], { output: 'json', sort: true, args: { myfruit: { hello: 'orange' }, myfruit2: "banana" } }).then(console.log) 2// { 3// fruit: { 4// hello: "orange" 5// }, 6// fruit2: "banana" 7// }
cwd
| Description | Values | Default |
|---|---|---|
Set working dir for jq process | valid path | process.cwd() |
1jq.run('.', ['file.json'], { output: 'json', sort: true }, '/path/to').then(console.log) 2// { 3// "a": 2, 4// "b": 1 5// },
detached
| Description | Values | Default |
|---|---|---|
Run jq process as detached process | true, false | false |
By default jq process will run 'attached' to the main process. That means that any interrupt signal main process receives will be propagated to jq process. For example, if main process receives SIGTERM, jq will also receive it and exit immediately.
However, in some cases you might not want jq to exit immediately and let it exit normally. For example, if you want to implement a graceful shutdown - main process receives SIGTERM, it finishes processing current json file and exits after processing is completed.
To achieve that run jq detached and NodeJS will not propagate SIGTERM to jq process allowing it to run until it completes.
1jq.run('.', ['file.json'], { output: 'json', sort: true }, undefined, true).then(console.log) 2// { 3// "a": 2, 4// "b": 1 5// },
Projects using node-jq
- atom-jq: an Atom package for manipulating JSON
- json-splora: an Electron implementation for manipulating JSON
- Check more
Why?
Why would you want to manipulate JavaScript Objects with jq inside a nodejs app, when there are tools like ramda or lodash?
The idea was to port jq in node to be able to run it as-is. node-jq doesn't try to replace Array/Object filters, maps, transformations, and so on.
Our primary goal was to make jq syntax available inside an Atom extension: atom-jq.
Other than that, jq is an interesting CLI tool to quickly parse and manipulate the response of an API, such as:
1curl 'https://jsonplaceholder.typicode.com/comments' | jq '.[].postId'
There are also people dealing with complex use-cases, and some of them want to port their bash scripts to node:
- ilya-sher.org/2016/05/11/most-jq-you-will-ever-need
- cloudadvantage.com.au/new-aws-command-line-tool-and-jq
Want to learn jq?
Seems hard to learn, but it really isn't.
jq is like sed for JSON. Slice, filter, map and transform structured data in a simple and powerful way.
Take a look at this great introduction or a jq lesson.
You can check out the official manual and fiddle around in the online playground jqplay.org.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE.md:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.md:0
Reason
Found 5/13 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/ci.yml:71
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:29: update your workflow using https://app.stepsecurity.io/secureworkflow/sanack/node-jq/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:32: update your workflow using https://app.stepsecurity.io/secureworkflow/sanack/node-jq/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:36: update your workflow using https://app.stepsecurity.io/secureworkflow/sanack/node-jq/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:78: update your workflow using https://app.stepsecurity.io/secureworkflow/sanack/node-jq/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:81: update your workflow using https://app.stepsecurity.io/secureworkflow/sanack/node-jq/ci.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:45
- Info: 0 out of 5 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 24 are checked with a SAST tool
Reason
11 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-4q6p-r6v2-jvc5
- Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22
- Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-44c6-4v22-4mhx
- Warn: Project is vulnerable to: GHSA-4x5v-gmq8-25ch
- Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36
- Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3
Score
3.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More