Fork from buger/jsonparser: rename module, apply security fixes and enhancements

Module renamed from github.com/buger/jsonparser to github.com/securityguy/jsonparser.

Security fixes:
- Fix GO-2026-4514: Delete() panics on malformed JSON (negative slice index DoS)
- Update Dockerfile base image from golang:1.6 to golang:1.21

Bug fixes:
- Fix EachKey failing to extract values from arrays of strings (PR buger#180)
- Remove duplicate import in parser_test.go (PR buger#263)

New APIs (all additive):
- ArrayEach callback now accepts *error for early termination; DoneError sentinel added (PR buger#134)
- DeleteOnOrig: in-place deletion variant with no allocation (PR buger#256)
- ArrayIterator: lazy closure-based array iteration (PR buger#254)
- GetRaw, EachRawKey: raw JSON byte extraction without type parsing (PR buger#250)

Other:
- go.mod bumped to go 1.18
- benchmark/go.mod updated with replace directive pointing to local module
- CLAUDE.md added for Claude Code guidance

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: securityguy

CLAUDE.md

@@ -0,0 +1,58 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Status
+
+This is a **released, public library** (`github.com/securityguy/jsonparser`). All changes must maintain backwards compatibility.
+
+## Commands
+
+```bash
+make test        # Run tests (10s timeout)
+make race        # Run tests with race detector
+make bench       # Run benchmarks
+make fmt         # Format code
+make vet         # Go vet
+```
+
+Run a single test:
+```bash
+go test -v -run TestGetString .
+```
+
+## Architecture
+
+**jsonparser** is a high-performance, zero-allocation JSON parser for Go. It provides direct field access by key path without requiring Go structs.
+
+### Core Files
+
+- `parser.go` — Public API and main parsing logic (`Get`, `Set`, `Delete`, `ArrayEach`, `ObjectEach`, `EachKey`)
+- `escape.go` — Unicode/UTF-16 escape sequence decoding
+- `bytes.go` — Custom integer/float parsing (~2x faster than `strconv` for JSON numbers)
+- `bytes_unsafe.go` / `bytes_safe.go` — Platform-specific byte↔string conversions; `bytes_unsafe.go` is used by default (build tag `!appengine`), `bytes_safe.go` for AppEngine (`appengine` tag)
+
+### Key Design Principles
+
+- **Zero allocation**: The parser avoids heap allocations on hot paths. Avoid changes that introduce allocations in `Get`, `ArrayEach`, `ObjectEach`, or `EachKey`.
+- **No schema**: Returns `[]byte` slices into the original data; callers convert types via helpers like `GetString`, `GetInt`, `GetFloat`.
+- **`EachKey` is the fastest multi-path API**: It scans the JSON once for multiple keys simultaneously.
+
+### Value Types
+
+```go
+const (
+    NotExist ValueType = iota
+    String
+    Number
+    Object
+    Array
+    Boolean
+    Null
+    Unknown
+)
+```
+
+### Benchmarks
+
+The `benchmark/` directory has its own `go.mod` and compares against ffjson, easyjson, and codecgen. Run separately with `cd benchmark && go test -bench=.`.

Dockerfile

@@ -1,4 +1,7 @@
-FROM golang:1.6
+FROM golang:1.21
+
+WORKDIR /go/src/github.com/securityguy/jsonparser
+ADD . /go/src/github.com/securityguy/jsonparser
 
 RUN go get github.com/Jeffail/gabs
 RUN go get github.com/bitly/go-simplejson
@@ -7,6 +10,3 @@ RUN go get github.com/antonholmquist/jason
 RUN go get github.com/mreiferson/go-ujson
 RUN go get -tags=unsafe -u github.com/ugorji/go/codec
 RUN go get github.com/mailru/easyjson
-
-WORKDIR /go/src/github.com/buger/jsonparser
-ADD . /go/src/github.com/buger/jsonparser

Makefile

@@ -1,6 +1,6 @@
 SOURCE = parser.go
 CONTAINER = jsonparser
-SOURCE_PATH = /go/src/github.com/buger/jsonparser
+SOURCE_PATH = /go/src/github.com/securityguy/jsonparser
 BENCHMARK = JsonParser
 BENCHTIME = 5s
 TEST = .

README.md

@@ -1,7 +1,7 @@
-[![Go Report Card](https://goreportcard.com/badge/github.com/buger/jsonparser)](https://goreportcard.com/report/github.com/buger/jsonparser) ![License](https://img.shields.io/dub/l/vibe-d.svg)
+[![Go Report Card](https://goreportcard.com/badge/github.com/securityguy/jsonparser)](https://goreportcard.com/report/github.com/securityguy/jsonparser) ![License](https://img.shields.io/dub/l/vibe-d.svg)
 # Alternative JSON parser for Go (10x times faster standard library)
 
-**This library was forked from buger/jsonparser on March 18, 2026.**
+**This library is a fork of [buger/jsonparser](https://github.com/buger/jsonparser), maintained at github.com/securityguy/jsonparser.**
 
 It does not require you to know the structure of the payload (eg. create structs), and allows accessing fields by providing the path to them. It is up to **10 times faster** than standard `encoding/json` package (depending on payload size and usage), **allocates no memory**. See benchmarks below.
 
@@ -17,7 +17,7 @@ Goal of this project is to push JSON parser to the performance limits and not sa
 For the given JSON our goal is to extract the user's full name, number of github followers and avatar.
 
 ```go
-import "github.com/buger/jsonparser"
+import "github.com/securityguy/jsonparser"
 
 ...
 
@@ -96,7 +96,7 @@ jsonparser.EachKey(data, func(idx int, value []byte, vt jsonparser.ValueType, er
 
 Library API is really simple. You just need the `Get` method to perform any operation. The rest is just helpers around it.
 
-You also can view API at [godoc.org](https://godoc.org/github.com/buger/jsonparser)
+You also can view API at [pkg.go.dev](https://pkg.go.dev/github.com/securityguy/jsonparser)
 
 
 ### **`Get`**
@@ -250,7 +250,7 @@ Compared libraries:
 * https://github.com/ugorji/go/codec
 * https://github.com/pquerna/ffjson
 * https://github.com/mailru/easyjson
-* https://github.com/buger/jsonparser
+* https://github.com/securityguy/jsonparser
 
 #### TLDR
 If you want to skip next sections we have 2 winner: `jsonparser` and `easyjson`.
@@ -270,7 +270,7 @@ With great power comes great responsibility! :)
 
 Each test processes 190 bytes of http log as a JSON record.
 It should read multiple fields.
-https://github.com/buger/jsonparser/blob/master/benchmark/benchmark_small_payload_test.go
+https://github.com/securityguy/jsonparser/blob/master/benchmark/benchmark_small_payload_test.go
 
 Library | time/op | bytes/op | allocs/op 
  ------ | ------- | -------- | -------
@@ -295,7 +295,7 @@ If you look at memory allocation, jsonparser has no rivals, as it makes no data
 Each test processes a 2.4kb JSON record (based on Clearbit API).
 It should read multiple nested fields and 1 array.
 
-https://github.com/buger/jsonparser/blob/master/benchmark/benchmark_medium_payload_test.go
+https://github.com/securityguy/jsonparser/blob/master/benchmark/benchmark_medium_payload_test.go
 
 | Library | time/op | bytes/op | allocs/op |
 | ------- | ------- | -------- | --------- |
@@ -324,7 +324,7 @@ Each test processes a 24kb JSON record (based on Discourse API)
 It should read 2 arrays, and for each item in array get a few fields.
 Basically it means processing a full JSON file.
 
-https://github.com/buger/jsonparser/blob/master/benchmark/benchmark_large_payload_test.go
+https://github.com/securityguy/jsonparser/blob/master/benchmark/benchmark_large_payload_test.go
 
 | Library | time/op | bytes/op | allocs/op |
 | --- | --- | --- | --- |

benchmark/benchmark_delete_test.go

@@ -3,7 +3,7 @@ package benchmark
 import (
 	"testing"
 
-	"github.com/buger/jsonparser"
+	"github.com/securityguy/jsonparser"
 )
 
 func BenchmarkDeleteSmall(b *testing.B) {

benchmark/benchmark_large_payload_test.go

@@ -6,7 +6,7 @@
 package benchmark
 
 import (
-	"github.com/buger/jsonparser"
+	"github.com/securityguy/jsonparser"
 	"testing"
 	// "github.com/Jeffail/gabs"
 	// "github.com/bitly/go-simplejson"
@@ -19,16 +19,16 @@ import (
 )
 
 /*
-   github.com/buger/jsonparser
+   github.com/securityguy/jsonparser
 */
 func BenchmarkJsonParserLarge(b *testing.B) {
 	for i := 0; i < b.N; i++ {
-		jsonparser.ArrayEach(largeFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err error) {
+		jsonparser.ArrayEach(largeFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err *error) {
 			jsonparser.Get(value, "username")
 			nothing()
 		}, "users")
 
-		jsonparser.ArrayEach(largeFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err error) {
+		jsonparser.ArrayEach(largeFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err *error) {
 			jsonparser.GetInt(value, "id")
 			jsonparser.Get(value, "slug")
 			nothing()

benchmark/benchmark_medium_payload_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/a8m/djson"
 	"github.com/antonholmquist/jason"
 	"github.com/bitly/go-simplejson"
-	"github.com/buger/jsonparser"
+	"github.com/securityguy/jsonparser"
 	jlexer "github.com/mailru/easyjson/jlexer"
 	"github.com/mreiferson/go-ujson"
 	"github.com/pquerna/ffjson/ffjson"
@@ -23,15 +23,15 @@ import (
 )
 
 /*
-   github.com/buger/jsonparser
+   github.com/securityguy/jsonparser
 */
 func BenchmarkJsonParserMedium(b *testing.B) {
 	for i := 0; i < b.N; i++ {
 		jsonparser.Get(mediumFixture, "person", "name", "fullName")
 		jsonparser.GetInt(mediumFixture, "person", "github", "followers")
 		jsonparser.Get(mediumFixture, "company")
 
-		jsonparser.ArrayEach(mediumFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err error) {
+		jsonparser.ArrayEach(mediumFixture, func(value []byte, dataType jsonparser.ValueType, offset int, err *error) {
 			jsonparser.Get(value, "url")
 			nothing()
 		}, "person", "gravatar", "avatars")
@@ -69,7 +69,7 @@ func BenchmarkJsonParserEachKeyManualMedium(b *testing.B) {
 			case 2:
 			// jsonparser.ParseString(value)
 			case 3:
-				jsonparser.ArrayEach(value, func(avalue []byte, dataType jsonparser.ValueType, offset int, err error) {
+				jsonparser.ArrayEach(value, func(avalue []byte, dataType jsonparser.ValueType, offset int, err *error) {
 					jsonparser.Get(avalue, "url")
 				})
 			}
@@ -105,7 +105,7 @@ func BenchmarkJsonParserEachKeyStructMedium(b *testing.B) {
 				json.Unmarshal(value, &data.Company) // we don't have a JSON -> map[string]interface{} function yet, so use standard encoding/json here
 			case 3:
 				var avatars []*CBAvatar
-				jsonparser.ArrayEach(value, func(avalue []byte, dataType jsonparser.ValueType, offset int, err error) {
+				jsonparser.ArrayEach(value, func(avalue []byte, dataType jsonparser.ValueType, offset int, err *error) {
 					url, _ := jsonparser.ParseString(avalue)
 					avatars = append(avatars, &CBAvatar{Url: url})
 				})
@@ -141,7 +141,7 @@ func BenchmarkJsonParserObjectEachStructMedium(b *testing.B) {
 				missing--
 			case bytes.Equal(k, gravatarKey):
 				var avatars []*CBAvatar
-				jsonparser.ArrayEach(v, func(avalue []byte, dataType jsonparser.ValueType, offset int, err error) {
+				jsonparser.ArrayEach(v, func(avalue []byte, dataType jsonparser.ValueType, offset int, err *error) {
 					url, _ := jsonparser.ParseString(avalue)
 					avatars = append(avatars, &CBAvatar{Url: url})
 				}, "avatars")

benchmark/benchmark_set_test.go

@@ -1,7 +1,7 @@
 package benchmark
 
 import (
-	"github.com/buger/jsonparser"
+	"github.com/securityguy/jsonparser"
 	"strconv"
 	"testing"
 )

benchmark/benchmark_small_payload_test.go

@@ -12,7 +12,7 @@ import (
 	"github.com/a8m/djson"
 	"github.com/antonholmquist/jason"
 	"github.com/bitly/go-simplejson"
-	"github.com/buger/jsonparser"
+	"github.com/securityguy/jsonparser"
 	jlexer "github.com/mailru/easyjson/jlexer"
 	"github.com/mreiferson/go-ujson"
 	"github.com/pquerna/ffjson/ffjson"
@@ -26,7 +26,7 @@ import (
 func nothing(_ ...interface{}) {}
 
 /*
-   github.com/buger/jsonparser
+   github.com/securityguy/jsonparser
 */
 func BenchmarkJsonParserSmall(b *testing.B) {
 	for i := 0; i < b.N; i++ {

benchmark/go.mod

@@ -6,10 +6,12 @@ require (
 	github.com/antonholmquist/jason v1.0.0
 	github.com/bitly/go-simplejson v0.5.0
 	github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 // indirect
-	github.com/buger/jsonparser v0.0.0-20181115193947-bf1c66bbce23
+	github.com/securityguy/jsonparser v0.0.0-00010101000000-000000000000
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/mailru/easyjson v0.0.0-20190403194419-1ea4449da983
 	github.com/mreiferson/go-ujson v0.0.0-20160507014224-e88340868a14
 	github.com/pquerna/ffjson v0.0.0-20181028064349-e517b90714f7
 	github.com/ugorji/go v1.1.4
 )
+
+replace github.com/securityguy/jsonparser => ../