-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to import json files #5633
Comments
Unfortunately, they removed support for importing JSON shortly before the final 1.0 release shipped. See: #5037 Apparently there was some security issue with it. The nature of the issue is unclear to me. |
JSON imports were also rolled back in browser because of the security implications they represented. Deno code is compiled without read access requested to the user(intended behavior, this is harmless), but a JSON file could effectively contain sensitive data from the user. The import/export system can access files from anywhere in the computer, so join these two together and you got a security breach. EDIT: A patch was implemented to request read permissions when reading JSON data, however the solution didn't seem to be the liking of Deno devs. |
@sholladay For Deno the security wasn't much of an issue because we could just apply read permission to JSON imports. The issue is that browsers don't support it. |
Browsers do not provide access to the filesystem, so why did they roll it back? Also, last time I tried to use it, dynamic If we can agree that JSON imports are acceptable so long as permissions are requested, then to me the question arises, "Why not support permissioned static imports of JSON?" |
You can use Deno.readTextFileSync along with JSON.parse const data = JSON.parse(Deno.readTextFileSync('./filename.json')); IMHO it makes more sense to reserve import for modules |
@sholladay the nature of the security issue is discussed here: #3401 (comment) Relying just on the media type to parse JSON leads to security attack vectors that would be hard to close, which is why browsers are disallowing JSON imports. We were relying on the media type, and would have to put in a lot of other checks, of which if browsers have decided to disallow it, it is best we don't try to fight against that. Just having access to the file system isn't a requirement to create a security exploit. |
I agree that permissionless access to data files (of any type, not just JSON) is potentially problematic. Is that what you're referring to? Dynamic |
Not exactly... Code loaded through |
Whenever I have imported JSON files - they were either configuration files or large data files. I'll agree, the first workaround that I thought of was using file system. But the workaround I used was changing the config file to It took 0 effort to do so + no need to allow file system access. For larger files, in all my use cases they were required asynchronously and very few times in any project. Having to use |
@frunkad See import {readJson} from 'https://deno.land/std/fs/mod.ts';
const data = await readJson('/path/to/data.json'); @kitsonk It seems odd that there is a discrepancy between the type that is returned form these functions ( |
There has been recent progress on this within TC39. The proposal for syntax to support loading JSON ES Modules has been proposed: https://github.com/tc39/proposal-import-conditions. It is Stage 2 currently, but we should keep a close eye on it. |
|
Yes, removed in #7255 and #7256. When they were created, the // write
await Deno.writeTextFile('path/to/file.json', JSON.stringify(data));
// write sync
Deno.writeTextFileSync('path/to/file.json', JSON.stringify(data));
// read
JSON.parse(await Deno.readTextFile('path/to/file.json'));
// read sync
JSON.parse(Deno.readTextFileSync('path/to/file.json')); If you want to see the options available in the functions, they can be viewed at the last available versions in |
If I use local paths like:
Then it's ok (probably). But if I want to get some remote json like so (for example):
Then caching mechanisms of Deno won't be applied, and each time I run my Deno script, the file will be downloaded. So I vote for bringing json static imports back! But not permissionless ofc: with support of |
JSON imports: See #7623. Caching: The Deno cache is only for modules, but there is discussion about storage in #1657, and there are existing libraries to help you implement cache management of remote resources. A few examples: deno-sqlite, deno_sqlite_plugin, deno-redis |
@jsejcksn, naah, inventing some own cache management on application level just to import json, - it's a bit overkill in most times. I personally wanted it to quickly hack few things together for personal needs, not to make some production-ready solid business app. I thought that there's already cache for module imports, - they aren't downloaded on each run, so it's very natural to have something like this maybe: import json from "https://jsonplaceholder.typicode.com/todos/1" as "json" ^ When Import Assertions will come to live, at least. or this: import json from "https://jsonplaceholder.typicode.com/todos/1.json" ^ I personally think it should work too, and in most cases should be sufficient, and it was working in some early versions of Deno, it seems. And, actually, I expected it to work... But it turned out json imports are not a thing anymore :( My only concerns here:
Just a little bit of a feedback. Sorry for whining, and thanks for listening. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
It is currently working as designed and this will be addressed under #7623. |
While trying to import any json file, the following error is printed:
Deno Version
Steps to Reproduce
deno run index.ts
As per #1048 also tried
import * as data from './lastRelease.json'
but with the same error.At first, I thought it to be an issue with my machine but tried running the same on a cloud server and it gave the same result.
The text was updated successfully, but these errors were encountered: