JSONYard Blog

Short, practical notes about working with JSON. No "ultimate guides", no buzzwords — just things we learned while building the tools on this site.

Latest

JSON security pitfalls every API developer should know

Prototype pollution, JSON-text injection, deeply-nested DoS, BigInt DoS — the JSON-related vulnerabilities that ship in real APIs, with the smallest fix for each.

When to ditch JSON for BSON, MessagePack, or Protobuf

The honest switching points where binary formats start to earn their complexity, and the parts of "JSON sucks here" that are usually a database problem in disguise.

JSON formatting: 2 spaces vs 4 spaces vs tabs

Why 2-space indentation has won everywhere, the niches where 4 or tabs still make sense, and the three other decisions (key order, line length, trailing newline) that matter when JSON ends up in git.

Why your JSON IDs are wrong: the BigInt precision problem

JSON numbers above 253−1 silently round in JavaScript and most ORMs. The mechanism, the exact failure mode, and five workarounds that survive production.

All posts

Converting JSON to CSV without losing nested data

Four strategies — flatten, JSON-encode, explode, split — for getting nested JSON through CSV without dropping rows or columns. When to pick which.

JSON Lines, NDJSON, and how to handle streaming JSON

JSONL and NDJSON are the same format with different brand names. How to write it, stream-parse it, and the six pitfalls that bite people.

JSON Schema in 10 minutes — the keywords that matter

The dozen keywords that earn their keep on real APIs, the ones safe to skip, and the three traps that catch every team.

How to fix the most common JSON parse errors

Trailing commas, single quotes, unescaped characters, and the quiet ones (BOM, NBSP, smart quotes). What each error looks like and the smallest fix.

JSON vs YAML vs XML: when to use which

Three formats, real tradeoffs. Performance, readability, schema, ecosystem — what to use for APIs, configuration, and document data.

JSONPath syntax: a practical cheat sheet

Wildcards, slices, filters, recursive descent — the bits of JSONPath you actually use, with every operator illustrated against the same sample.

What's coming

  • The strangest valid JSON I've seen
  • JSON over WebSocket vs Server-Sent Events
  • JSON canonicalization (JCS / RFC 8785) for signatures