JSON

The 2017 international standard (ECMA-404 and ISO/IEC 21778:2017) specifies that "JSON" is "pronounced /ˈdʒeɪ.sən/, as in 'Jason and The Argonauts'".^[2][3] The first (2013) edition of ECMA-404 did not address the pronunciation.^[4] Crockford said in 2011, "There's a lot of argument about how you pronounce that, but I strictly don't care."^[1] /ˈdʒeɪˌsɒn/ is another common pronunciation.^[5]

After RFC 4627 had been available as its "informational" specification since 2006, JSON was first standardized in 2013, as ECMA-404.^[4] RFC 8259, published in 2017, is the current version of the Internet Standard STD 90, and it remains consistent with ECMA-404.^[6] That same year, JSON was also standardized as ISO/IEC 21778:2017.^[2] The ECMA and ISO/IEC standards describe only the allowed syntax, whereas the RFC covers some security and interoperability considerations.^[7]

JSON grew out of a need for a real-time server-to-browser session communication protocol without using browser plugins such as Flash or Java applets, the dominant methods used in the early 2000s.^[8]

Crockford first specified and popularized the JSON format.^[1] The acronym originated at State Software, a company cofounded by Crockford and others in March 2001. The cofounders agreed to build a system that used standard browser capabilities and provided an abstraction layer for Web developers to create stateful Web applications that had a persistent duplex connection to a Web server by holding two Hypertext Transfer Protocol (HTTP) connections open and recycling them before standard browser time-outs if no further data were exchanged. The cofounders had a round-table discussion and voted on whether to call the data format JSML (JavaScript Markup Language) or JSON (JavaScript Object Notation), as well as under what license type to make it available. The JSON.org^[9] website was launched in 2001. In December 2005, Yahoo! began offering some of its Web services in JSON.^[10]

A precursor to the JSON libraries was used in a children's digital asset trading game project named Cartoon Orbit at Communities.com ^{[citation needed]} which used a browser side plug-in with a proprietary messaging format to manipulate DHTML elements. Upon discovery of early Ajax capabilities, digiGroups, Noosh, and others used frames to pass information into the user browsers' visual field without refreshing a Web application's visual context, realizing real-time rich Web applications using only the standard HTTP, HTML, and JavaScript capabilities of Netscape 4.0.5+ and Internet Explorer 5+. Crockford then found that JavaScript could be used as an object-based messaging format for such a system. The system was sold to Sun Microsystems, Amazon.com, and EDS.

JSON was based on a subset of the JavaScript scripting language (specifically, Standard ECMA-262 3rd Edition—December 1999^[11]) and is commonly used with JavaScript, but it is a language-independent data format. Code for parsing and generating JSON data is readily available in many programming languages. JSON's website lists JSON libraries by language.

In October 2013, Ecma International published the first edition of its JSON standard ECMA-404.^[4] That same year, RFC 7158 used ECMA-404 as a reference. In 2014, RFC 7159 became the main reference for JSON's Internet uses, superseding RFC 4627 and RFC 7158 (but preserving ECMA-262 and ECMA-404 as main references). In November 2017, ISO/IEC JTC 1/SC 22 published ISO/IEC 21778:2017^[2] as an international standard. On December 13, 2017, the Internet Engineering Task Force obsoleted RFC 7159 when it published RFC 8259, which is the current version of the Internet Standard STD 90.^[12][13]

Crockford added a clause to the JSON license stating, "The Software shall be used for Good, not Evil", in order to open-source the JSON libraries while mocking corporate lawyers and those who are overly pedantic. On the other hand, this clause led to license compatibility problems of the JSON license with other open-source licenses since open-source software and free software usually imply no restrictions on the purpose of use.^[14]

The following example shows a possible JSON representation describing a person.

{
  "first_name": "John",
  "last_name": "Smith",
  "is_alive": true,
  "age": 27,
  "address": {
    "street_address": "21 2nd Street",
    "city": "New York",
    "state": "NY",
    "postal_code": "10021-3100"
  },
  "phone_numbers": [
    {
      "type": "home",
      "number": "212 555-1234"
    },
    {
      "type": "office",
      "number": "646 555-4567"
    }
  ],
  "children": [
    "Catherine",
    "Thomas",
    "Trevor"
  ],
  "spouse": null
}

Although Crockford originally asserted that JSON is a strict subset of JavaScript and ECMAScript,^[15] his specification actually allows valid JSON documents that are not valid JavaScript; JSON allows the Unicode line terminators U+2028 LINE SEPARATOR and U+2029 PARAGRAPH SEPARATOR to appear unescaped in quoted strings, while ECMAScript 2018 and older do not.^[16][17] This is a consequence of JSON disallowing only "control characters". For maximum portability, these characters are backslash-escaped.

JSON exchange in an open ecosystem must be encoded in UTF-8.^[6] The encoding supports the full Unicode character set, including those characters outside the Basic Multilingual Plane (U+0000 to U+FFFF). However, if escaped, those characters must be written using UTF-16 surrogate pairs. For example, to include the Emoji character U+1F610 😐 NEUTRAL FACE in JSON:

{ "face": "😐" }
// or
{ "face": "\uD83D\uDE10" }

JSON became a strict subset of ECMAScript as of the language's 2019 revision.^[17][18]

JSON's basic data types are:

• Number: a signed decimal number that may contain a fractional part and may use exponential E notation but cannot include non-numbers such as NaN. The format makes no distinction between integer and floating-point. JavaScript uses IEEE-754 double-precision floating-point format for all its numeric values (later also supporting BigInt^[19]), but other languages implementing JSON may encode numbers differently.
• String: a sequence of zero or more Unicode characters. Strings are delimited with double quotation marks and support a backslash escaping syntax.
• Boolean: either of the values true or false
• Array: an ordered list of zero or more elements, each of which may be of any type. Arrays use square bracket notation with comma-separated elements.
• Object: a collection of name–value pairs where the names (also called keys) are strings. The current ECMA standard states, "The JSON syntax does not impose any restrictions on the strings used as names, does not require that name strings be unique, and does not assign any significance to the ordering of name/value pairs."^[20] Objects are delimited with curly brackets and use commas to separate each pair, while within each pair, the colon ":" character separates the key or name from its value.
• null: an empty value, using the word null

Whitespace is allowed and ignored around or between syntactic elements (values and punctuation, but not within a string value). Four specific characters are considered whitespace for this purpose: space, horizontal tab, line feed, and carriage return. In particular, the byte order mark must not be generated by a conforming implementation (though it may be accepted when parsing JSON). JSON does not provide syntax for comments.^[21]

Early versions of JSON (such as specified by RFC 4627) required that a valid JSON text must consist of only an object or an array type, which could contain other types within them. This restriction was dropped in RFC 7158, where a JSON text was redefined as any serialized value.

Numbers in JSON are agnostic with regard to their representation within programming languages. While this allows for numbers of arbitrary precision to be serialized, it may lead to portability issues. For example, since no differentiation is made between integer and floating-point values, some implementations may treat 42, 42.0, and 4.2E+1 as the same number, while others may not. The JSON standard makes no requirements regarding implementation details such as overflow, underflow, loss of precision, rounding, or signed zeros, but it does recommend expecting no more than IEEE 754 binary64 precision for "good interoperability". There is no inherent precision loss in serializing a machine-level binary representation of a floating-point number (like binary64) into a human-readable decimal representation (like numbers in JSON) and back; there exist published algorithms to do this conversion exactly and optimally.^[22]

Comments were intentionally excluded from JSON. In 2012, Douglas Crockford described his design decision thus: "I removed comments from JSON because I saw people were using them to hold parsing directives, a practice which would have destroyed interoperability."^[21]

JSON disallows "trailing commas", a comma after the last value inside a data structure.^[23] Trailing commas are a common feature of JSON derivatives to improve ease of use.^[24]

RFC 8259 describes certain aspects of JSON syntax that, while legal per the specifications, can cause interoperability problems.

• Certain JSON implementations only accept JSON texts representing an object or an array. For interoperability, applications interchanging JSON should transmit messages that are objects or arrays.
• The specifications allow JSON objects that contain multiple members with the same name. The behavior of implementations processing objects with duplicate names is unpredictable. For interoperability, applications should avoid duplicate names when transmitting JSON objects.
• The specifications specifically say that the order of members in JSON objects is not significant. For interoperability, applications should avoid assigning meaning to member ordering even if the parsing software makes that ordering visible.
• While the specifications place no limits on the magnitude or precision of JSON number literals, the widely used JavaScript implementation stores them as IEEE754 "binary64" quantities. For interoperability, applications should avoid transmitting numbers that cannot be represented in this way, for example, 1E400 or 3.141592653589793238462643383279.
• While the specifications do not constrain the character encoding of the Unicode characters in a JSON text, the vast majority of implementations assume UTF-8 encoding; for interoperability, applications should always and only encode JSON messages in UTF-8.
• The specifications do not forbid transmitting byte sequences that incorrectly represent Unicode characters. For interoperability, applications should transmit messages containing no such byte sequences.
• The specification does not constrain how applications go about comparing Unicode strings. For interoperability, applications should always perform such comparisons code unit by code unit.

In 2015, the IETF published RFC 7493, describing the "I-JSON Message Format", a restricted profile of JSON that constrains the syntax and processing of JSON to avoid, as much as possible, these interoperability issues.

While JSON provides a syntactic framework for data interchange, unambiguous data interchange also requires agreement between producer and consumer on the semantics of specific use of the JSON syntax.^[25] One example of where such an agreement is necessary is the serialization of data types that are not part of the JSON standard, for example, dates and regular expressions.

The official MIME type for JSON text is application/json,^[26] and most modern implementations have adopted this. Legacy MIME types include text/json, text/x-json, and text/javascript.^[27] The standard filename extension is .json.^[28]

JSON Schema specifies a JSON-based format to define the structure of JSON data for validation, documentation, and interaction control. It provides a contract for the JSON data required by a given application and how that data can be modified.^[29] JSON Schema is based on the concepts from XML Schema (XSD) but is JSON-based. As in XSD, the same serialization/deserialization tools can be used both for the schema and data, and it is self-describing. It is specified in an Internet Draft at the IETF, with the latest version as of 2024 being "Draft 2020-12".^[30] There are several validators available for different programming languages,^[31] each with varying levels of conformance.

The JSON standard does not support object references, but an IETF draft standard for JSON-based object references exists.^[32]

JSON-RPC is a remote procedure call (RPC) protocol built on JSON, as a replacement for XML-RPC or SOAP. It is a simple protocol that defines only a handful of data types and commands. JSON-RPC lets a system send notifications (information to the server that does not require a response) and multiple calls to the server that can be answered out of order.

Asynchronous JavaScript and JSON (or AJAJ) refers to the same dynamic web page methodology as Ajax, but instead of XML, JSON is the data format. AJAJ is a web development technique that provides for the ability of a web page to request new data after it has loaded into the web browser. Typically, it renders new data from the server in response to user actions on that web page. For example, what the user types into a search box, client-side code then sends to the server, which immediately responds with a drop-down list of matching database items.

JSON has seen ad hoc usage as a configuration language. However, it does not support comments. In 2012, Douglas Crockford, JSON creator, had this to say about comments in JSON when used as a configuration language: "I know that the lack of comments makes some people sad, but it shouldn't. Suppose you are using JSON to keep configuration files, which you would like to annotate. Go ahead and insert all the comments you like. Then pipe it through JSMin^[33] before handing it to your JSON parser."^[21]

MongoDB uses JSON-like data for its document-oriented database.

Some relational databases have added support for native JSON data types, such as JSONB in PostgreSQL^[34] and JSON in MySQL.^[35] This allows developers to insert JSON data directly without having to convert it to another format.

JSON being a subset of JavaScript can lead to the misconception that it is safe to pass JSON texts to the JavaScript eval() function. This is not safe, due to certain valid JSON texts, specifically those containing U+2028 LINE SEPARATOR or U+2029 PARAGRAPH SEPARATOR, not being valid JavaScript code until JavaScript specifications were updated in 2019, and so older engines may not support it.^[36] To avoid the many pitfalls caused by executing arbitrary code from the Internet, a new function, JSON.parse(), was first added to the fifth edition of ECMAScript,^[37] which as of 2017 is supported by all major browsers. For non-supported browsers, an API-compatible JavaScript library is provided by Douglas Crockford.^[38] In addition, the TC39 proposal "Subsume JSON" made ECMAScript a strict JSON superset as of the language's 2019 revision.^[17][18] Various JSON parser implementations have suffered from denial-of-service attack and mass assignment vulnerability.^[39][40]

JSON is promoted as a low-overhead alternative to XML as both of these formats have widespread support for creation, reading, and decoding in the real-world situations where they are commonly used.^[41] Apart from XML, examples could include CSV and supersets of JSON. Google Protocol Buffers can fill this role, although it is not a data interchange language. CBOR has a superset of the JSON data types, but it is not text-based. Ion is also a superset of JSON, with a wider range of primary types, annotations, comments, and allowing trailing commas.^[42]

XML has been used to describe structured data and to serialize objects. Various XML-based protocols exist to represent the same kind of data structures as JSON for the same kind of data interchange purposes. Data can be encoded in XML in several ways. The most expansive form using tag pairs results in a much larger (in character count) representation than JSON, but if data is stored in attributes and short tag form where the closing tag is replaced with />, the representation is often about the same size as JSON or just a little larger. However, an XML attribute can only have a single value and each attribute can appear at most once on each element.

XML separates data from metadata (via the use of elements and attributes), while JSON does not have such a concept.

Another key difference is the addressing of values. JSON has objects with a simple key-to-value mapping, whereas in XML addressing happens on nodes, each of which receives a unique ID via the XML processor. Additionally, the XML standard defines a common attribute xml:id, that can be used by the user, to set an ID explicitly.

XML tag names cannot contain any of the characters !"#$%&'()*+,/;<=>?@[\]^`{|}~, nor a space character, and cannot begin with -, ., or a numeric digit, whereas JSON keys can (even if quotation mark and backslash must be escaped).^[43]

XML values are strings of characters, with no built-in type safety. XML has the concept of schema, that permits strong typing, user-defined types, predefined tags, and formal structure, allowing for formal validation of an XML stream. JSON has several types built-in and has a similar schema concept in JSON Schema.

XML supports comments, while JSON does not.^[44][21]

Support for comments and other features have been deemed useful, which has led to several nonstandard JSON supersets being created. Among them are HJSON,^[45] HOCON, and JSON5 (which despite its name, is not the fifth version of JSON).^[46][47]

YAML version 1.2 is a superset of JSON; prior versions were not strictly compatible. For example, escaping a slash / with a backslash \ is valid in JSON, but was not valid in YAML.^[48] YAML supports comments, while JSON does not.^[48][46][21]

CSON ("CoffeeScript Object Notation") uses significant indentation and unquoted keys, and assumes an outer object declaration. It was used for configuring GitHub's Atom text editor.^[49][50][51]

There is also an unrelated project called CSON ("Cursive Script Object Notation") that is more syntactically similar to JSON.^[52]

HOCON ("Human-Optimized Config Object Notation") is a format for human-readable data, and a superset of JSON.^[53] The uses of HOCON are:

• It is used mostly along with the Play Framework,^[54] and is developed by Lightbend.
• It is also supported as a configuration format for .NET projects via Akka.NET^[55][56] and Puppet.^[57]
• TIBCO Streaming:^[58] HOCON is the primary configuration file format for the TIBCO Streaming^[59] family of products (StreamBase, LiveView, and Artifact Management Server) as of TIBCO Streaming Release 10.^[60]
• It is also the primary configuration file format for several subsystems of Exabeam Advanced Analytics.^[61]
• Jitsi uses it as the "new" config system and .properties-Files as fallback^[62][63]

JSON5 ("JSON5 Data Interchange Format") is an extension of JSON syntax that, like JSON, is also valid JavaScript syntax. The specification was started in 2012 and finished in 2018 with version 1.0.0.^[64] The main differences to JSON syntax are:

• Optional trailing commas
• Unquoted object keys
• Single quoted and multiline strings
• Additional number formats
• Comments

JSON5 syntax is supported in some software as an extension of JSON syntax, for instance in SQLite.^[65]

JSONC (JSON with Comments) is a subset of JSON5 used in Microsoft's Visual Studio Code:^[66]

• supports single-line comments (//) and block comments (/* */)
• accepts trailing commas, but they are discouraged and the editor will display a warning

Several serialization formats have been built on or from the JSON specification. Examples include

• GeoJSON, a format designed for representing simple geographical features^[67][68]

• JSON-LD, a method of encoding linked data using JSON^[69][70]
• JSON-RPC, a remote procedure call protocol encoded in JSON^[71]
• JsonML, a lightweight markup language used to map between XML and JSON^[72][73]
• Smile (data interchange format)^[74][75]
• UBJSON, a binary computer data interchange format imitating JSON, but requiring fewer bytes of data^[76][77]

• Jsonnet is a prototype-based domain-specific language that produces JSON files. All JSON documents are valid Jsonnet programs that will be emitted unchanged when run. Jsonnet extends JSON by supporting variables, imports, loops, comments, etc.^[78][79] Jsonnet is used as a configuration language for cloud infrastructure engineering.^[80]

• BSON
• Comparison of data serialization formats
• Extensible Data Notation
• Amazon Ion – a superset of JSON (though limited to UTF-8, like JSON for interchange, unlike general JSON)
• Jackson (API)
• jaql – a functional data processing and query language most commonly used for JSON query processing
• jq – a "JSON query language" and high-level programming language
• JSONiq – a JSON-oriented query and processing language based on XQuery
• JSON streaming
• S-expression