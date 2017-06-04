openbase logo
openbase logo
CategoriesLeaderboard
ns

node-serialize

by Zihua Li
0.0.4 (see all)

Serialize an object including it's function into a JSON.

npm
GitHub
CDN

Overview

DocumentationTutorialsReviewsMaintenanceDependenciesVersionsAlternatives
Showing:

Popularity

Downloads/wk

1.4K

GitHub Stars

76

Maintenance

Last Commit

5yrs ago

Contributors

3

Package

Dependencies

0

License

Type Definitions

DefinitelyTyped

Tree-Shakeable

No?

Categories

Reviews

Be the first to rate

Readme

node-serialize

Serialize a object including it's function into a JSON.

Build Status

SECURITY WARNING

This module provides a way to unserialize strings into executable JavaScript code, so that it may lead security vulnerabilities if the original strings can be modified by untrusted third-parties (aka hackers). For instance, the following attack example provided by ajinabraham shows how to achieve arbitrary code injection with an IIFE:

var serialize = require('node-serialize');
var x = '{"rce":"_$$ND_FUNC$$_function (){console.log(\'exploited\')}()"}'
serialize.unserialize(x);

To avoid the security issues, at least one of the following methods should be taken:

  1. Make sure to send serialized strings internally, isolating them from potential hackers. For example, only sending the strings from backend to fronend and always using HTTPS instead of HTTP.

  2. Introduce public-key cryptosystems (e.g. RSA) to ensure the strings not being tampered with.

Install

npm install node-serialize

Usage

var serialize = require('node-serialize');

Serialize an object including it's function:

var obj = {
  name: 'Bob',
  say: function() {
    return 'hi ' + this.name;
  }
};

var objS = serialize.serialize(obj);
typeof objS === 'string';
serialize.unserialize(objS).say() === 'hi Bob';

Serialize an object with a sub object:

var objWithSubObj = {
  obj: {
    name: 'Jeff',
    say: function() {
      return 'hi ' + this.name;
    }
  }
};

var objWithSubObjS = serialize.serialize(objWithSubObj);
typeof objWithSubObjS === 'string';
serialize.unserialize(objWithSubObjS).obj.say() === 'hi Jeff';

Serialize a circular object:

var objCircular = {};
objCircular.self = objCircular;

var objCircularS = serialize.serialize(objCircular);
typeof objCircularS === 'string';
typeof serialize.unserialize(objCircularS).self.self.self.self === 'object';

Rate & Review

Great Documentation0
Easy to Use0
Performant0
Highly Customizable0
Bleeding Edge0
Responsive Maintainers0
Poor Documentation0
Hard to Use0
Slow0
Buggy0
Abandoned0
Unwelcoming Community0
100
No reviews found
Be the first to rate

Alternatives

No alternatives found

Tutorials

No tutorials found
Add a tutorial