At the end of the day, your particular data and requirements will determine which library is best for any particular application and you need to pay attention to what your data will look like and what the receiving end will do with it. For example, in one test, yason:encode choked on a list which included a keyword :NULL in an unexpected location. Cl-json just encoded it as the string "null" and st-json encoded it as 'null' (not a string). In testing for your use, deliberately feed badly formed data and see how the library reacts. Some will throw recoverable conditions (depending on the error) while others may actually lock up a thread.
Difference between JSON libraries
As can be expected, the libraries do much of the same if you have basic needs. However, significant differences exist and should be considered in choosing which library is right for any particular project. Many applications are asymmetric in how they will use these libraries. If you are mostly getting JSON data from somewhere else, parsing it and using it, then jsown will likely be your best choice. It is focused on decoding JSON data and is an order of magnitude faster than any other library at this task. If you do not want to write your own methods for generic functions and you are going back and forth between JSON objects and clos objects, I would recommend cl-json. If you need to pay particular attention to the differences between null, nil and false, you should probably consider st-json. If you are going to be encoding lisp data but are not sure what the data will look like, cl-json may be your best choice because it handles different types of lisp data out of the box better than the other libraries. For example, handed a list of alists or a list of plists, cl-json correctly encoded an array of json objects and an array of JSON arrays respectively. Neither st-json nor yason could cope with that in one call. In the cases of st-json and yason, you would have to break it into loops and run the encoding function on elements. On the other hand, cl-json could, in theory, suffer an attack because it interns everything as a keyword. So a lot of badly formed could have undesired results.