hershel-theodore-layton/json-post-deserialize

A fast to run verification to run after json_decode()

Maintainers

Details

github.com/hershel-theodore-layton/json-post-deserialize

Source

Issues

Installs: 2

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 0

Forks: 0

Open Issues: 0

Language:Hack

pkg:composer/hershel-theodore-layton/json-post-deserialize

v0.2.1 2025-11-02 20:31 UTC

Requires

  • hhvm: >=4.153

Requires (Dev)

MIT 1831b0a4003024e4e102703ec5ca0c7a96637349

This package is auto-updated.

Last update: 2026-01-18 13:24:10 UTC

README

A fast to run verification to run after json_decode()

Why?

\json_decode() can parse invalid JSON. If you want to store the JSON and expect to be able to parse it in the future, you should check it is not invalid JSON first. Future versions of hhvm might not parse invalid JSON the same way. Other programming environments, like Python, Go, or JavaScript certainly don't.

How?

After calling \json_decode_with_error(), you should check the $error variable. If this is null, you might still have parsed invalid JSON. \HTL\JsonCheck\quick_reject(string $json) will let you know that this happened. quick_reject() does not return an error for many invalid JSON documents, but it does return an error for every invalid JSON document that gets past \json_decode_with_error().

Why do this in Hack?

There is no function accessible to Hack that can validate a JSON document. If you want to call a real JSON parser, you'd need to call an external process. The overhead of copying the json string to the external process outweighs the cost of the hot loop in quick_reject().