UNPKG

@winglet/json

Version:

TypeScript library for safe and efficient JSON data manipulation with RFC 6901 (JSON Pointer) and RFC 6902 (JSON Patch) compliance, featuring prototype pollution protection and immutable operations

vincent-kk/albatrion

81 lines (80 loc) 3.55 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
import type { JsonRoot } from '../../../../type'; import type { Patch } from '../type'; /** * Applies a single JSON Patch operation to a source object or array. * * This function is the core implementation for applying individual JSON Patch operations. * It handles path traversal, validation, and delegates the actual operation execution * to specialized handlers based on the target type (object, array, or root). * * The function performs the following key operations: * - Parses and validates JSON Pointer paths * - Handles path escaping/unescaping according to RFC 6901 * - Provides security protection against prototype pollution * - Validates intermediate path segments during traversal * - Delegates final operation to appropriate type-specific handlers * - Provides detailed error information for debugging * * Path traversal follows JSON Pointer specification: * - Paths starting with "/" represent object/array properties * - Empty path ("" or "#") represents the root document * - Special characters (~0, ~1) are unescaped to (~ and /) * - Array indices are validated and converted appropriately * * @param source - The source object or array to apply the patch to * @param patch - A single JSON Patch operation containing op, path, and optional value * @param patchIndex - The index of this patch in the original patches array (for error reporting) * @param strict - Whether to enforce strict validation rules * @param protectPrototype - Whether to prevent prototype pollution attempts * * @see https://datatracker.ietf.org/doc/html/rfc6901 - JSON Pointer specification * @see https://datatracker.ietf.org/doc/html/rfc6902 - JSON Patch specification * * @returns The modified source object/array with the patch operation applied * * @throws {JsonPatchError} When the patch operation fails due to: * - SECURITY_PROTOTYPE_MODIFICATION_FORBIDDEN: Attempt to modify prototype properties * - PATCH_TARGET_NOT_OBJECT: Target of operation is not an object/array when required * - PATCH_PATH_INVALID_INTERMEDIATE: Invalid intermediate value during path traversal * - PATCH_PATH_PROCESSING_ERROR: Unexpected error during path processing * - Additional operation-specific errors from specialized handlers * * @example * ```typescript * const source = { user: { name: "John", age: 30 } }; * const patch = { op: "replace", path: "/user/age", value: 31 }; * * const result = applySinglePatch(source, patch, 0, false, true); * // Returns: { user: { name: "John", age: 31 } } * ``` * * @example * ```typescript * const sourceArray = [1, 2, 3]; * const patch = { op: "add", path: "/1", value: 5 }; * * const result = applySinglePatch(sourceArray, patch, 0, false, true); * // Returns: [1, 5, 2, 3] * ``` * * @example * ```typescript * // Root patch application * const source = { old: "data" }; * const patch = { op: "replace", path: "", value: { new: "data" } }; * * const result = applySinglePatch(source, patch, 0, false, true); * // Returns: { new: "data" } * ``` * * @example * ```typescript * // Security protection - this will throw an error * const source = {}; * const maliciousPatch = { op: "add", path: "/__proto__/isAdmin", value: true }; * * // Throws JsonPatchError with SECURITY_PROTOTYPE_MODIFICATION_FORBIDDEN * applySinglePatch(source, maliciousPatch, 0, false, true); * ``` */ export declare const applySinglePatch: (source: JsonRoot, patch: Patch, patchIndex: number, strict: boolean, protectPrototype: boolean) => any;