How to validate json configuration files before deployment
- Step 1Drop the config file — Drag
app.config.json,appsettings.json,cloudformation.json, or a*.tfvars.jsononto the dropzone. Parsing runs in your browser; the file is never uploaded. Free tier accepts up to 2 MB, one file at a time. - Step 2Click Validate — The parser is strict RFC 8259 — the 'Strict mode' checkbox is shown but does not enable comment/trailing-comma tolerance. Click Validate to run
JSON.parseon the file. - Step 3Fix the reported position — On a red result, the banner shows the parser message and the character offset. Common config culprits: trailing comma, unescaped backslash in a Windows path (
C:\Usersmust beC:\\Users), and single quotes. - Step 4Verify the parsed structure on success — On green, read the 'Parsed output' panel. A missing comma between two blocks can make
JSON.parseaccept the file but with values nested differently than you intended — the pretty print makes that visible. (On-screen preview truncates at 5,000 chars; Copy gives the full output.) - Step 5If it's JSONC, switch loaders or strip comments — If the file is tsconfig.json/eslintrc, the rejection is expected. Either keep using the JSONC-aware tool that owns it (TypeScript, ESLint) or, when a strict-JSON step truly needs it, strip comments first with json-format-fixer.
- Step 6Gate it in your deploy pipeline — Make validation non-optional:
find . -name '*.json' -not -path './node_modules/*' | xargs -I{} sh -c 'jq empty {} || (echo BAD {}; exit 1)'. Run it before the deploy step so a bad config can never reach an environment.
Common config-file mistakes and the V8 verdict
Verified against JSON.parse. Hand-edited config files accumulate exactly these. 'Status' is whether a strict parser (and your deploy) accepts the file.
| Config mistake | Example | Verdict | Parser message (abbreviated) |
|---|---|---|---|
| Trailing comma | {"port":80,} | Rejected | Expected double-quoted property name … |
| Unescaped Windows path | {"path":"C:\Users"} | Rejected | Bad escaped character … (need \\) |
| Single quotes | {'port':80} | Rejected | Expected property name or '}' … |
| Comment (JSONC) | { // port\n"port":80} | Rejected | Unexpected token / … |
| Unquoted key | {port:80} | Rejected | Expected property name or '}' … |
| Missing comma between blocks | {"a":{} "b":{}} | Rejected | Expected ',' or '}' after property value … |
| Valid config | {"port":80,"tls":true} | Valid | — |
JSON vs JSONC config files
Knowing which standard a config file uses tells you whether this strict validator is the right check for it.
| File | Standard | Validate here? |
|---|---|---|
| appsettings.json (.NET) | Strict JSON | Yes |
| package.json | Strict JSON | Yes |
CloudFormation *.json | Strict JSON | Yes |
Terraform *.tfvars.json | Strict JSON | Yes |
| tsconfig.json | JSONC (comments, trailing commas) | No — use tsc / strip comments first |
.eslintrc.json | JSONC | No — use ESLint / strip comments first |
| VS Code settings.json | JSONC | No — VS Code reads it directly |
JSON tool tier limits
Per-file size limits. Config validation is single-file.
| Tier | Max file size | Batch files |
|---|---|---|
| Free | 2 MB | 1 |
| Pro | 100 MB | 10 |
| Developer | 5 GB | unlimited |
Cookbook
Real config-file failures and exactly what the validator reports. Values anonymised.
Unescaped Windows path crashes a .NET service at boot
Exampleappsettings.json was hand-edited to add a log path on a Windows box. The single backslashes in C:\Logs\app are read as escape sequences, and \L isn't a valid JSON escape — the service won't start.
Input (appsettings.json):
{ "LogPath": "C:\Logs\app" }
Validator output:
Invalid JSON
Bad escaped character in JSON at position 14
Fix: double the backslashes -> "C:\\Logs\\app" (or use / )tsconfig.json fails because it's JSONC
ExampleA CI step ran a plain JSON check over every *.json including tsconfig.json. The comment makes a strict parser reject it. This validator does the same — telling you the step is using the wrong parser, not that tsconfig is broken.
Input (tsconfig.json):
{
// strict everywhere
"compilerOptions": { "strict": true },
}
Validator output:
Invalid JSON
Unexpected token / … is not valid JSON
Takeaway: tsconfig is valid JSONC. Exclude it from strict-JSON steps,
or strip comments with json-format-fixer if a step truly needs JSON.Missing comma silently re-nests a CloudFormation block
ExampleA missing comma between two top-level resources isn't always a hard error — but here it makes the parser fail. When a similar mistake does parse, the pretty output reveals the wrong nesting before deploy.
Input (template.json):
{
"Resources": {
"Bucket": { "Type": "AWS::S3::Bucket" }
"Queue": { "Type": "AWS::SQS::Queue" }
}
}
Validator output:
Invalid JSON
Expected ',' or '}' after property value in JSON at position 71 (line 4 column 5)
Fix: add a comma after the Bucket block.Terraform tfvars.json with a trailing comma
ExampleGenerated *.tfvars.json got a trailing comma after the last variable from a script that appended entries. terraform rejects it; so does this validator, at the comma's position.
Input (prod.tfvars.json):
{
"region": "us-east-1",
"replicas": 3,
}
Validator output:
Invalid JSON
Expected double-quoted property name in JSON at position 47 (line 4 column 1)
Fix: remove the comma after "replicas": 3Confirming a config is clean before deploy
ExampleAfter fixing, a green verdict plus a readable parsed structure is your go-signal. The parsed output confirms the nesting matches intent.
Validator output:
Valid JSON (842 B)
Parsed output:
{
"region": "us-east-1",
"replicas": 3,
"tls": true
}
Safe to deploy — and the same file passes the jq gate in CI.Errors and edge cases
Real errors and silent failures sourced from each platform's own documentation. Match the wording to the row, fix what the row says to fix.
tsconfig.json / .eslintrc.json / VS Code settings (JSONC)
RejectedThese are JSON-with-Comments: they legitimately contain // comments and trailing commas. Strict JSON.parse rejects them, so this validator does too. That is correct behaviour — it tells you a strict-JSON step shouldn't own these files. Keep them with their JSONC-aware tool, or strip comments with json-format-fixer if a strict step truly needs them.
Unescaped backslash in a Windows path
Rejected"C:\Users\app" fails because \U and \a aren't valid JSON escapes (Bad escaped character). Config files written on Windows hit this constantly. Either double every backslash (C:\\Users\\app) or use forward slashes, which work on Windows for most paths.
Trailing comma after the last setting
Rejected{"port":80,} is the most common hand-edit error. Strict JSON forbids it (Expected double-quoted property name). The validator gives the comma's position; json-format-fixer removes trailing commas automatically and re-parses.
Duplicate config key
By design — not flagged{"port":80,"port":443} parses, and V8 keeps the last value (443). The validator does not warn about this — and neither does jq or a node loader. If two config sections set the same key, the file ships valid with the later value winning; review duplicates by hand.
Single quotes instead of double quotes
RejectedJSON requires double quotes for strings and keys. {'port':80} fails immediately. This often comes from copying a JS object literal into a config file. Convert with json-format-fixer or fix by hand.
Leading UTF-8 BOM
SupportedA config saved by a Windows editor may start with a U+FEFF BOM. The tool trims it before parsing (U+FEFF is whitespace in ECMAScript), so the file validates. Be aware some loaders (certain Java/Go config readers) don't strip the BOM — one that passes here may still trip a stricter loader.
Empty or whitespace-only config
RejectedAn empty config file fails with Unexpected end of JSON input. Usually means a templating step rendered nothing (an undefined variable, a failed generator). Check that the file actually got written before the deploy step read it.
Top-level array config
SupportedSome tools take a config that is a top-level array (e.g. a list of rules). [ {...}, {...} ] is valid JSON and validates green. If your loader expects an object at the root, that's a loader expectation, not a JSON error.
Comment-only mistake in otherwise valid JSON
RejectedAdding a single // note line to an appsettings.json to leave yourself a reminder turns valid JSON into invalid JSON — strict parsers reject the /. If you need inline notes, add a string field like "_comment": "…" instead of a real comment.
File larger than the 2 MB free limit
BlockedFree tier caps files at 2 MB — far above any normal config. A config that large usually means data was embedded that belongs elsewhere. Validate big bundled config on Pro (100 MB) or Developer (5 GB).
Frequently asked questions
Can I validate tsconfig.json or .eslintrc.json here?
Not as JSON — those are JSONC (they allow comments and trailing commas), and this validator is strict, so it correctly rejects them. The same goes for a jq step. Let the owning tool (TypeScript, ESLint) read them, or strip comments with json-format-fixer if a strict-JSON step truly needs the file.
Does the 'Strict mode' checkbox enable a JSONC/comment mode?
No. The parser is strict RFC 8259 whether the box is checked or not — there is no comment-tolerant path. The checkbox is informational only; comments and trailing commas are always rejected.
Why does my Windows path break the config?
Single backslashes in JSON are escape sequences, and \U (from C:\Users) isn't a valid escape — JSON.parse throws Bad escaped character. Double each backslash (C:\\Users) or use forward slashes, which Windows accepts in most paths.
Will a config that passes here actually boot my service?
It will parse — which removes the entire class of 'invalid JSON at startup' failures. It won't guarantee the values are correct (a valid JSON with port: "eighty" still fails your app). For value/structure validation, generate a schema with the JSON Schema Generator and check against it.
Does it detect duplicate keys in a config?
No. JSON.parse accepts duplicate keys and keeps the last value, so {"port":80,"port":443} validates as 443. Neither this tool nor jq nor a node loader flags it. Review for accidental duplicates manually.
Is my config uploaded anywhere?
No. Validation runs in your browser via JSON.parse. Secrets-adjacent config, IaC variables, and connection strings never reach a JAD Apps server. DevTools will show no network request when you click Validate.
How do I add inline notes to a JSON config without breaking it?
You can't use real comments in strict JSON. The common pattern is a string field, e.g. "_comment": "increase replicas before launch", which most loaders ignore. If the file format is actually JSONC (tsconfig), real comments are fine — just don't run it through a strict validator.
Can I validate all my config files at once?
Not in the UI — it's one file at a time (free batch is 1). For the whole repo, use the find … | xargs jq empty loop from the steps, which is also what you'd put in your deploy pipeline as a gate.
Does CloudFormation / Terraform use strict JSON?
Yes — *.json templates and *.tfvars.json are strict JSON (no comments, no trailing commas). So this validator's verdict matches what CloudFormation and Terraform will accept, making it a reliable pre-deploy check for IaC.
What about a leading BOM that some editor added?
The tool trims the leading U+FEFF BOM before parsing, so a BOM doesn't fail validation here. However, some non-JS config loaders don't strip BOMs — if a file passes here but your service still complains, save it as UTF-8 without BOM.
Why does the parsed-output preview cut off?
The on-screen pretty print is truncated at 5,000 characters for performance. The pass/fail verdict covers the whole file, and Copy gives you the complete re-serialised config — the truncation affects only what's displayed.
It's valid JSON but a value is nested in the wrong place — how do I catch that?
Read the pretty-printed parsed output; a missing comma can make a parser accept the file with values attached to the wrong block. Comparing against a known-good version in json-diff is the fastest way to spot a structural shift that's still valid JSON.
Privacy first
Conversion runs locally in your browser. No file is uploaded — only metadata counters are saved for signed-in dashboard stats.