JSON Duplicate Keys and Silent Overwrites
TL;DR: JSON objects with the same key defined more than once are technically valid, but most parsers silently keep only the last value, which can hide serious configuration or payload bugs.
What Happens with Duplicate Keys?
The JSON specification does not forbid duplicate keys in an object, but it also does not define how parsers should handle them. In practice, almost every JSON library behaves the same way: it keeps only the last occurrence of a key and discards the earlier ones without warning.
{
"role": "user",
"role": "admin"
}In most languages, the final in-memory representation will be equivalent to:
{
"role": "admin"
}Why This Breaks Apps
- Security rules or feature flags defined earlier in the payload are silently ignored.
- Config values that look correct in code review are not the ones actually used at runtime.
- Different services might depend on different positions of the same key, leading to inconsistent behavior.
Catch Duplicate Keys Before They Ship
Use the JSON Runtime Checker to scan payloads for duplicate keys and flag them as breaking issues when strict detection is enabled.
Inspect Your JSON for Duplicate Keys
Paste your JSON into the JSON Runtime Checker to find duplicate keys, mixed-type arrays, and other runtime hazards before they hit production.