CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use
← Back to glossary

JSON.parse & JSON.stringify

javascript ES5 Beginner
debt(d5/e3/b3/t7)
d5 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'specialist tool catches it' (d5). ESLint can detect missing try/catch around JSON.parse and obvious circular reference patterns, but silent data loss from undefined values or Date serialisation requires runtime testing or code review to catch reliably.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix is wrapping JSON.parse in try/catch (one-line or simple block addition). Fixing data loss from Date objects or undefined values requires refactoring the parsing/stringifying logic within one component, not cross-cutting changes.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3). JSON.parse and JSON.stringify are used throughout web/CLI codebases, but the burden is localised to each call site. Developers must remember the edge cases at each usage point, but no single architectural choice poisons the whole system. The tax is repeated, not load-bearing.

t7 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'serious trap' (t7). The misconception field directly states the trap: JSON.parse appears safe (it's a built-in), but PHP integration breaks the assumption — PHP error pages return HTML, not JSON, causing silent SyntaxError. Additionally, the common_mistakes list reveals multiple gotchas (Date loss, undefined silently dropped, circular references crash) that contradict intuitive expectations of a 'serialisation round-trip'. Developers new to JSON.parse often assume it's always safe or that it preserves all JavaScript types.

About DEBT scoring → scored by claude-haiku-4-5-20251001 · 2026-05-09 · reviewed by human

Also Known As

JSON stringify JSON parse JSON serialisation json_encode counterpart

TL;DR

JSON.stringify converts JS objects to JSON strings; JSON.parse converts them back — direct counterpart to PHP's json_encode/json_decode.

Explanation

JSON.stringify(value, replacer, space) — replacer filters/transforms keys, space pretty-prints. JSON.parse(text, reviver) — reviver transforms parsed values (e.g. date string to Date object). Both throw on invalid input. Circular references throw in stringify. undefined, functions, and Symbol values are omitted from stringified output. PHP json_decode($str, true) returns associative array; without true returns stdClass — know which you're consuming in JavaScript.

Common Misconception

JSON.parse is always safe to call on server responses — always wrap in try/catch; PHP error pages and redirects return HTML not JSON, and JSON.parse on HTML throws SyntaxError.

Why It Matters

Every PHP JSON API response must be parsed, and every request body must be stringified — understanding the edge cases prevents silent data loss and runtime errors.

Common Mistakes

  • Not wrapping JSON.parse in try/catch
  • Losing Date objects (serialised as strings, not revived automatically)
  • undefined values silently dropped by JSON.stringify
  • Circular reference crash in JSON.stringify

Code Examples

✗ Vulnerable 
// Silent failures:
const data = JSON.parse(serverResponse); // Crashes on HTML error page
const payload = JSON.stringify({ id: 1, fn: () => {} }); // fn silently dropped
✓ Fixed 
// Safe parse with fallback:
let data;
try {
    data = JSON.parse(serverResponse);
} catch (e) {
    console.error('Non-JSON response:', serverResponse.slice(0, 200));
    throw new Error('Server returned unexpected format');
}

// Replacer to control output:
const payload = JSON.stringify(obj, (key, val) =>
    typeof val === 'function' ? undefined : val
, 2);
Added 17 Mar 2026
Edited 22 Mar 2026
Views 24

Curated in Warsaw under one editorial standard. 1,445 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings F 0 pings S 1 ping S 0 pings M 1 ping T 0 pings W 0 pings T 0 pings F 1 ping S 0 pings S 1 ping M 0 pings T 0 pings W 0 pings T 0 pings F 2 pings S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S 0 pings S 0 pings M 1 ping T 0 pings W 0 pings T 0 pings F 1 ping S
Agents 1
No pings yesterday
Amazonbot 9 Perplexity 3 Unknown AI 3 Google 2 Ahrefs 2 Majestic 1
Also referenced
Fetch API & HTTP Requests 29 AJAX Patterns for PHP Backends 25 JavaScript Error Types & Custom Errors 20
How they use it
crawler 18 crawler_json 1 pre-tracking 1
Related categories
javascript 2.3k
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Low
⚡ Quick Fix
Always wrap JSON.parse in try/catch — PHP can return HTML error pages when JSON is expected
📦 Applies To
javascript ES5 web cli
🔗 Prerequisites
🔍 Detection Hints
JSON.parse without try/catch; JSON.stringify on object containing functions or circular references
Auto-detectable: ✓ Yes eslint
⚠ Related Problems
🤖 AI Agent
Confidence: Medium False Positives: Medium ✗ Manual fix Fix: Low Context: Function
CWE-502
✓ schema.org compliant