{"id":1910257,"name":"json5","ecosystem":"npm","description":"JSON for Humans","homepage":"http://json5.org/","licenses":"MIT","normalized_licenses":["MIT"],"repository_url":"https://github.com/json5/json5","keywords_array":["json","json5","es5","es2015","ecmascript"],"namespace":null,"versions_count":27,"first_release_published_at":"2012-05-27T20:32:41.061Z","latest_release_published_at":"2022-12-31T17:11:32.047Z","latest_release_number":"2.2.3","last_synced_at":"2026-06-16T12:06:57.877Z","created_at":"2022-04-09T18:13:26.943Z","updated_at":"2026-06-16T15:54:07.132Z","registry_url":"https://www.npmjs.com/package/json5","install_command":"npm install json5","documentation_url":null,"metadata":{"funding":null,"dist-tags":{"latest":"2.2.3","previous":"1.0.2"}},"repo_metadata":{"id":3412828,"uuid":"4463453","full_name":"json5/json5","owner":"json5","description":"JSON5 — JSON for Humans","archived":false,"fork":false,"pushed_at":"2024-10-25T14:12:31.000Z","size":1045,"stargazers_count":7130,"open_issues_count":41,"forks_count":275,"subscribers_count":81,"default_branch":"main","last_synced_at":"2026-05-25T02:21:43.056Z","etag":null,"topics":["json","json5"],"latest_commit_sha":null,"homepage":"http://json5.org/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/json5.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2012-05-27T17:37:34.000Z","updated_at":"2026-05-25T02:08:35.000Z","dependencies_parsed_at":"2024-01-13T17:57:52.399Z","dependency_job_id":"95b3848a-68bf-460d-b08c-276f4d564293","html_url":"https://github.com/json5/json5","commit_stats":{"total_commits":391,"total_committers":29,"mean_commits":"13.482758620689655","dds":"0.48593350383631717","last_synced_commit":"b935d4a280eafa8835e6182551b63809e61243b0"},"previous_names":["aseemk/json5"],"tags_count":26,"template":false,"template_full_name":null,"purl":"pkg:github/json5/json5","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/json5","download_url":"https://codeload.github.com/json5/json5/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/sbom","scorecard":{"id":211246,"data":{"date":"2025-08-11","repo":{"name":"github.com/json5/json5","commit":"b935d4a280eafa8835e6182551b63809e61243b0"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.2,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: SECURITY.md:1","Info: Found linked content: SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1","Info: Found text in security policy: SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Code-Review","score":2,"reason":"Found 6/27 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE.md:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 17 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"49 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92","Warn: Project is vulnerable to: GHSA-6chw-6frg-f759","Warn: Project is vulnerable to: GHSA-v88g-cgmw-v5xw","Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw","Warn: Project is vulnerable to: GHSA-fwr7-v2mv-hh25","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c","Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq","Warn: Project is vulnerable to: GHSA-h6ch-v84p-w6p9","Warn: Project is vulnerable to: GHSA-3gx7-xhv7-5mx3","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-q42p-pg8m-cqh6","Warn: Project is vulnerable to: GHSA-w457-6q6x-cgp9","Warn: Project is vulnerable to: GHSA-62gr-4qp9-h98f","Warn: Project is vulnerable to: GHSA-f52g-6jhx-586p","Warn: Project is vulnerable to: GHSA-2cf5-4w76-r9qv","Warn: Project is vulnerable to: GHSA-3cqr-58rm-57f8","Warn: Project is vulnerable to: GHSA-g9r4-xpmj-mj65","Warn: Project is vulnerable to: GHSA-q2c6-c6pm-g3gh","Warn: Project is vulnerable to: GHSA-765h-qjxv-5f44","Warn: Project is vulnerable to: GHSA-f2jv-r9rf-7988","Warn: Project is vulnerable to: GHSA-43f8-2h32-f4cj","Warn: Project is vulnerable to: GHSA-8j8c-7jfh-h6hx","Warn: Project is vulnerable to: GHSA-896r-f27r-55mw","Warn: Project is vulnerable to: GHSA-6c8f-qphg-qjgp","Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695","Warn: Project is vulnerable to: GHSA-p6mc-m468-83gw","Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3","Warn: Project is vulnerable to: GHSA-vh95-rmgr-6w4m","Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h","Warn: Project is vulnerable to: GHSA-fhjf-83wg-r2j9","Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9","Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j","Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp","Warn: Project is vulnerable to: GHSA-p8p7-x288-28g6","Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm","Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw","Warn: Project is vulnerable to: GHSA-4g88-fppr-53pp","Warn: Project is vulnerable to: GHSA-4jqc-8m5r-9rpr","Warn: Project is vulnerable to: GHSA-4wf5-vphf-c2xc","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-72xf-g2v4-qvf3","Warn: Project is vulnerable to: GHSA-c4w7-xm78-47vh","Warn: Project is vulnerable to: GHSA-p9pc-299p-vxgp"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-17T00:48:16.082Z","repository_id":3412828,"created_at":"2025-08-17T00:48:16.082Z","updated_at":"2025-08-17T00:48:16.082Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33500542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-25T14:31:05.219Z","status":"online","status_checked_at":"2026-05-26T02:00:06.821Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"owner_record":{"login":"json5","name":"JSON5","uuid":"18183427","kind":"organization","description":"JSON for Humans","email":null,"website":"https://json5.org/","location":null,"twitter":null,"company":null,"icon_url":"https://avatars.githubusercontent.com/u/18183427?v=4","repositories_count":8,"last_synced_at":"2026-05-16T15:58:48.034Z","metadata":{"has_sponsors_listing":false},"html_url":"https://github.com/json5","funding_links":[],"total_stars":7271,"followers":67,"following":0,"created_at":"2022-11-02T16:19:56.912Z","updated_at":"2026-05-16T15:58:48.034Z","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/json5","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/json5/repositories"},"tags":[{"name":"v2.2.3","sha":"c3a75242772a5026a49c4017a16d9b3543b62776","kind":"tag","published_at":"2022-12-31T17:09:31.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.2.3","html_url":"https://github.com/json5/json5/releases/tag/v2.2.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.2.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.3/manifests"},{"name":"v1.0.2","sha":"a62db1e51e1031d92ac260f5bb38bbed1fdbc754","kind":"tag","published_at":"2022-12-30T17:06:14.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.2","html_url":"https://github.com/json5/json5/releases/tag/v1.0.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.2/manifests"},{"name":"v2.2.2","sha":"14f8cb186e8abdfaccf6527171da7b1224374650","kind":"tag","published_at":"2022-12-16T06:37:07.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.2.2","html_url":"https://github.com/json5/json5/releases/tag/v2.2.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.2.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.2/manifests"},{"name":"v2.2.1","sha":"502da86f8e8e2168e301dc5157919935082d0f7b","kind":"tag","published_at":"2022-03-21T16:30:35.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.2.1","html_url":"https://github.com/json5/json5/releases/tag/v2.2.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.2.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.1/manifests"},{"name":"v2.2.0","sha":"4cf57da675f55c619f959132eb58a5683ca4a9c7","kind":"tag","published_at":"2021-02-01T01:53:09.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.2.0","html_url":"https://github.com/json5/json5/releases/tag/v2.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.2.0/manifests"},{"name":"v2.1.3","sha":"32bb2cdae4864b2ac80a6d9b4045efc4cc54f47a","kind":"tag","published_at":"2020-04-04T22:57:08.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.1.3","html_url":"https://github.com/json5/json5/releases/tag/v2.1.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.1.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.3/manifests"},{"name":"v2.1.2","sha":"4695d69bbdb18ef7386350c2daa562e5251ba860","kind":"tag","published_at":"2020-03-16T19:45:00.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.1.2","html_url":"https://github.com/json5/json5/releases/tag/v2.1.2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.1.2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.2/manifests"},{"name":"v2.1.1","sha":"4425e8e422e05f5925a88f1f370cff9486281b51","kind":"tag","published_at":"2019-10-02T20:48:32.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.1.1","html_url":"https://github.com/json5/json5/releases/tag/v2.1.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.1.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.1/manifests"},{"name":"v2.1.0","sha":"69c4a75d345a58a773148dd9c05ce74e668dc87d","kind":"tag","published_at":"2018-09-28T05:08:27.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.1.0","html_url":"https://github.com/json5/json5/releases/tag/v2.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.1.0/manifests"},{"name":"v2.0.1","sha":"baaa8d9892d96fd19b398618894b49c4a2d32a30","kind":"tag","published_at":"2018-08-18T18:23:39.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.0.1","html_url":"https://github.com/json5/json5/releases/tag/v2.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.0.1/manifests"},{"name":"v2.0.0","sha":"3b44f2e496a2cec54ce0c01fa37897c7906836c8","kind":"tag","published_at":"2018-08-17T04:04:54.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v2.0.0","html_url":"https://github.com/json5/json5/releases/tag/v2.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v2.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v2.0.0/manifests"},{"name":"v1.0.1","sha":"072eb402fc107a2f568ba78962d3d99de95032a9","kind":"tag","published_at":"2018-03-18T03:30:16.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.1","html_url":"https://github.com/json5/json5/releases/tag/v1.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.1/manifests"},{"name":"v1.0.0","sha":"1d64ece245f33d714938bf8513f65f71886b9941","kind":"commit","published_at":"2018-03-11T21:51:38.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0/manifests"},{"name":"v1.0.0-beta.3","sha":"6c87a49d21325ed4bf458e2de1a95431e7f01e26","kind":"tag","published_at":"2017-09-30T20:24:20.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0-beta.3","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0-beta.3","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0-beta.3","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta.3","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta.3/manifests"},{"name":"v1.0.0-beta-2","sha":"db55e47296ac0c811917286f1d68984e207d1310","kind":"tag","published_at":"2017-09-30T05:03:24.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0-beta-2","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0-beta-2","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0-beta-2","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta-2","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta-2/manifests"},{"name":"v1.0.0-beta","sha":"72ecf59df7d23be037cb6db90c82c9ffa460a406","kind":"commit","published_at":"2017-09-25T07:35:40.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0-beta","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0-beta","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0-beta","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-beta/manifests"},{"name":"v1.0.0-regexps","sha":"3bb02e047903867a1768f6901de073724da7aed3","kind":"tag","published_at":"2017-09-24T01:19:28.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0-regexps","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0-regexps","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0-regexps","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-regexps","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-regexps/manifests"},{"name":"v1.0.0-dates","sha":"07c02918b7c53a378d6cf4d7aa026f39a457338b","kind":"tag","published_at":"2017-09-24T00:30:54.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v1.0.0-dates","html_url":"https://github.com/json5/json5/releases/tag/v1.0.0-dates","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v1.0.0-dates","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-dates","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v1.0.0-dates/manifests"},{"name":"v0.5.1","sha":"18fd19e687674c053c2b30a7c0d49f7da481ae5b","kind":"tag","published_at":"2016-11-27T22:00:43.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.5.1","html_url":"https://github.com/json5/json5/releases/tag/v0.5.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.5.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.5.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.5.1/manifests"},{"name":"v0.5.0","sha":"c58c026a58dd0b71401f7aa99e891291a60820e3","kind":"tag","published_at":"2016-03-17T07:49:50.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.5.0","html_url":"https://github.com/json5/json5/releases/tag/v0.5.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.5.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.5.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.5.0/manifests"},{"name":"v0.4.0","sha":"3b8f449adb26dc178bf5685888c5542281ae25be","kind":"commit","published_at":"2014-11-05T03:25:03.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.4.0","html_url":"https://github.com/json5/json5/releases/tag/v0.4.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.4.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.4.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.4.0/manifests"},{"name":"v0.3.0","sha":"b0f09f5a18ffcc0b1dbc366abb87ca4003761dbe","kind":"commit","published_at":"2013-10-03T03:51:44.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.3.0","html_url":"https://github.com/json5/json5/releases/tag/v0.3.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.3.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.3.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.3.0/manifests"},{"name":"v0.2.0","sha":"661e53bc8b804d868c1de51c706105a64851c20b","kind":"tag","published_at":"2013-01-28T05:35:09.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.2.0","html_url":"https://github.com/json5/json5/releases/tag/v0.2.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.2.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.2.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.2.0/manifests"},{"name":"v0.1.0","sha":"296eac57522978ccf32dc55708427accbefed988","kind":"tag","published_at":"2012-06-03T17:05:15.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.1.0","html_url":"https://github.com/json5/json5/releases/tag/v0.1.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.1.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.1.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.1.0/manifests"},{"name":"v0.0.0","sha":"5845a318a77418a0860923534009ff7ae0829bf4","kind":"tag","published_at":"2012-06-03T16:13:23.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.0.0","html_url":"https://github.com/json5/json5/releases/tag/v0.0.0","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.0.0","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.0.0","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.0.0/manifests"},{"name":"v0.0.1","sha":"51a49227f3fbc3dec0b95cca50c973a3d8bc71d8","kind":"tag","published_at":"2012-05-28T02:14:52.000Z","download_url":"https://codeload.github.com/json5/json5/tar.gz/v0.0.1","html_url":"https://github.com/json5/json5/releases/tag/v0.0.1","dependencies_parsed_at":null,"dependency_job_id":null,"purl":"pkg:github/json5/json5@v0.0.1","tag_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.0.1","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/tags/v0.0.1/manifests"}]},"repo_metadata_updated_at":"2026-06-16T15:54:07.104Z","dependent_packages_count":5411,"downloads":754663021,"downloads_period":"last-month","dependent_repos_count":1074368,"rankings":{"downloads":0.0017523089408278125,"dependent_repos_count":0.031897498688506276,"dependent_packages_count":0.016729074419465525,"stargazers_count":1.2528461330374852,"forks_count":2.1437035706580247,"docker_downloads_count":0.009473420211350362,"average":0.57606700099261},"purl":"pkg:npm/json5","advisories":[{"uuid":"GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn","url":"https://github.com/advisories/GHSA-9c47-m6qq-7p4h","title":"Prototype Pollution in JSON5 via Parse Method","description":"The `parse` method of the JSON5 library before and including version `2.2.1` does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object.\n\nThis vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations.\n\n## Impact\nThis vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.\n\n## Mitigation\nThis vulnerability is patched in json5 v2.2.2 and later. A patch has also been backported for json5 v1 in versions v1.0.2 and later.\n\n## Details\n \nSuppose a developer wants to allow users and admins to perform some risky operation, but they want to restrict what non-admins can do. To accomplish this, they accept a JSON blob from the user, parse it using `JSON5.parse`, confirm that the provided data does not set some sensitive keys, and then performs the risky operation using the validated data:\n \n```js\nconst JSON5 = require('json5');\n\nconst doSomethingDangerous = (props) =\u003e {\n  if (props.isAdmin) {\n    console.log('Doing dangerous thing as admin.');\n  } else {\n    console.log('Doing dangerous thing as user.');\n  }\n};\n\nconst secCheckKeysSet = (obj, searchKeys) =\u003e {\n  let searchKeyFound = false;\n  Object.keys(obj).forEach((key) =\u003e {\n    if (searchKeys.indexOf(key) \u003e -1) {\n      searchKeyFound = true;\n    }\n  });\n  return searchKeyFound;\n};\n\nconst props = JSON5.parse('{\"foo\": \"bar\"}');\nif (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {\n  doSomethingDangerous(props); // \"Doing dangerous thing as user.\"\n} else {\n  throw new Error('Forbidden...');\n}\n```\n \nIf the user attempts to set the `isAdmin` key, their request will be rejected:\n \n```js\nconst props = JSON5.parse('{\"foo\": \"bar\", \"isAdmin\": true}');\nif (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {\n  doSomethingDangerous(props);\n} else {\n  throw new Error('Forbidden...'); // Error: Forbidden...\n}\n```\n \nHowever, users can instead set the `__proto__` key to `{\"isAdmin\": true}`. `JSON5` will parse this key and will set the `isAdmin` key on the prototype of the returned object, allowing the user to bypass the security check and run their request as an admin:\n \n```js\nconst props = JSON5.parse('{\"foo\": \"bar\", \"__proto__\": {\"isAdmin\": true}}');\nif (!secCheckKeysSet(props, ['isAdmin', 'isMod'])) {\n  doSomethingDangerous(props); // \"Doing dangerous thing as admin.\"\n} else {\n  throw new Error('Forbidden...');\n}\n ```","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-12-29T01:51:03.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.1,"cvss_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H","references":["https://github.com/json5/json5/security/advisories/GHSA-9c47-m6qq-7p4h","https://nvd.nist.gov/vuln/detail/CVE-2022-46175","https://github.com/json5/json5/issues/199","https://github.com/json5/json5/issues/295","https://github.com/json5/json5/pull/298","https://github.com/json5/json5/commit/62a65408408d40aeea14c7869ed327acead12972","https://github.com/json5/json5/commit/7774c1097993bc3ce9f0ac4b722a32bf7d6871c8","https://lists.debian.org/debian-lts-announce/2023/11/msg00021.html","https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S26TLPLVFAJTUN3VIXFDEBEXDYO22CE","https://github.com/advisories/GHSA-9c47-m6qq-7p4h"],"source_kind":"github","identifiers":["GHSA-9c47-m6qq-7p4h","CVE-2022-46175"],"repository_url":"https://github.com/json5/json5","blast_radius":0.0,"created_at":"2022-12-29T02:03:03.187Z","updated_at":"2026-06-07T16:06:00.822Z","epss_percentage":0.42304,"epss_percentile":0.9752,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn","packages":[{"ecosystem":"npm","package_name":"json5","versions":[{"first_patched_version":"1.0.2","vulnerable_version_range":"\u003c 1.0.2"},{"first_patched_version":"2.2.2","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.2.2"}],"purl":"pkg:npm/json5"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05YzQ3LW02cXEtN3A0aM4AAwpn/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/npm/json5","docker_dependents_count":34024,"docker_downloads_count":9262710655,"usage_url":"https://repos.ecosyste.ms/usage/npm/json5","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/npm/json5/dependencies","status":null,"funding_links":[],"critical":true,"issue_metadata":{"last_synced_at":"2026-04-28T12:35:58.602Z","issues_count":83,"pull_requests_count":52,"avg_time_to_close_issue":15858948.73076923,"avg_time_to_close_pull_request":16520700.45945946,"issues_closed_count":52,"pull_requests_closed_count":37,"pull_request_authors_count":32,"issue_authors_count":76,"avg_comments_per_issue":4.36144578313253,"avg_comments_per_pull_request":2.1346153846153846,"merged_pull_requests_count":24,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":1,"past_year_pull_requests_count":6,"past_year_avg_time_to_close_issue":null,"past_year_avg_time_to_close_pull_request":null,"past_year_issues_closed_count":0,"past_year_pull_requests_closed_count":0,"past_year_pull_request_authors_count":5,"past_year_issue_authors_count":1,"past_year_avg_comments_per_issue":0.0,"past_year_avg_comments_per_pull_request":1.1666666666666667,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":0,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/json5%2Fjson5/issues","maintainers":[{"login":"jordanbtucker","count":21,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jordanbtucker"},{"login":"aseemk","count":3,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/aseemk"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/packages/json5/codemeta","maintainers":[{"uuid":"jordanbtucker","login":"jordanbtucker","name":null,"email":"jordanbtucker@gmail.com","url":null,"packages_count":11,"html_url":"https://www.npmjs.com/~jordanbtucker","role":null,"created_at":"2022-11-10T11:44:14.620Z","updated_at":"2022-11-10T11:44:14.620Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/jordanbtucker/packages"},{"uuid":"aseemk","login":"aseemk","name":null,"email":"aseem.kishore@gmail.com","url":null,"packages_count":14,"html_url":"https://www.npmjs.com/~aseemk","role":null,"created_at":"2022-11-10T11:44:14.631Z","updated_at":"2022-11-10T11:44:14.631Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/npmjs.org/maintainers/aseemk/packages"}]}