json-database-st — Secure, Indexed JSON DB for Node.js

Quickstart

// CommonJS
const JSONDatabase = require('json-database-st')
const path = require('path')

// Pro-tip: generate a 32-byte key once and keep it in env
// const ENCRYPTION_KEY = require('crypto').randomBytes(32).toString('hex')

const db = new JSONDatabase(path.join(__dirname, 'data.json'), {
  encryptionKey: process.env.DB_KEY,                // 64-char hex
  indices: [ { name: 'user-email', path: 'users', field: 'email', unique: true } ]
})

await db.set('users.alice', { email: 'alice@example.com', name: 'Alice' })
const alice = await db.findByIndex('user-email', 'alice@example.com')
console.log(alice)

await db.transaction(data => { data.users.alice.lastLogin = Date.now(); return data })
await db.close()

Works with ESM too. Ship in CLIs, Electron/Tauri apps, tiny services, or scripts.

Why devs pick json-database-st

🔐

Encryption at rest

AES-256-GCM on disk. Wrong key or tampered file? It fails safe.

🧭

Indexed lookups

Define indexes and get O(1) findByIndex() lookups. No full scans.

🧱

Atomic, durable writes

Temp-file + rename, recovery on crash, and queued operations for safety.

🧪

Schema validation

Use Zod/Joi — every persisted write can pass your safeParse.

📢

Events & DX

Promise API + write, change, error events for reactive flows.

🧰

Transactions & batch

Multi-step changes with transaction() and efficient batch().

Built for read-heavy workloads

Indexed reads are sub-millisecond at 1M+ records. Updates rewrite safely to keep ACID guarantees. Check the full benchmark report for numbers, methodology, and trade-offs.

Open benchmark report →

Where it shines / where to chill

Local-first apps, CLIs, config/state files, session stores
Micro-services with ~95% reads and occasional updates
Single-process usage — one Node writer per DB file

Know the limits

Loads the file into memory on init — pick sizes that fit RAM
Not a replacement for Postgres/Mongo/SQLite for huge or highly concurrent workloads