Gathering detailed insights and metrics for parse-entities
Gathering detailed insights and metrics for parse-entities
Installations
npm install parse-entitiesScore
98
Supply Chain
99.5
Quality
75.8
Maintenance
100
Vulnerability
100
License
Developer
wooorm
Developer Guide
BETA
Module System
ESM
Min. Node Version
Typescript Support
Yes
Node Version
19.3.0
NPM Version
9.2.0
Statistics
49 Stars
107 Commits
12 Forks
5 Watching
1 Branches
6 Contributors
Updated on 01 Aug 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
1,880,708,793
Last day
-2.1%
1,760,752
Compared to previous day
Last week
4.4%
9,405,274
Compared to previous week
Last month
15.3%
39,033,818
Compared to previous month
Last year
-3.2%
414,736,408
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
parse-entities
Parse HTML character references.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This is a small and powerful decoder of HTML character references (often called entities).
When should I use this?
You can use this for spec-compliant decoding of character references. It’s small and fast enough to do that well. You can also use this when making a linter, because there are different warnings emitted with reasons for why and positional info on where they happened.
Install
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
1npm install parse-entities
In Deno with esm.sh:
1import {parseEntities} from 'https://esm.sh/parse-entities@3'
In browsers with esm.sh:
1<script type="module"> 2 import {parseEntities} from 'https://esm.sh/parse-entities@3?bundle' 3</script>
Use
1import {parseEntities} from 'parse-entities'
2
3console.log(parseEntities('alpha & bravo')))
4// => alpha & bravo
5
6console.log(parseEntities('charlie ©cat; delta'))
7// => charlie ©cat; delta
8
9console.log(parseEntities('echo © foxtrot ≠ golf 𝌆 hotel'))
10// => echo © foxtrot ≠ golf 𝌆 hotelAPI
This package exports the identifier parseEntities.
There is no default export.
parseEntities(value[, options])
Parse HTML character references.
options
Configuration (optional).
options.additional
Additional character to accept (string?, default: '').
This allows other characters, without error, when following an ampersand.
options.attribute
Whether to parse value as an attribute value (boolean?, default: false).
This results in slightly different behavior.
options.nonTerminated
Whether to allow nonterminated references (boolean, default: true).
For example, ©cat for ©cat.
This behavior is compliant to the spec but can lead to unexpected results.
options.position
Starting position of value (Position or Point, optional).
Useful when dealing with values nested in some sort of syntax tree.
The default is:
1{line: 1, column: 1, offset: 0}
options.warning
Error handler (Function?).
options.text
Text handler (Function?).
options.reference
Reference handler (Function?).
options.warningContext
Context used when calling warning ('*', optional).
options.textContext
Context used when calling text ('*', optional).
options.referenceContext
Context used when calling reference ('*', optional)
Returns
string — decoded value.
function warning(reason, point, code)
Error handler.
Parameters
this(*) — refers towarningContextwhen given toparseEntitiesreason(string) — human readable reason for emitting a parse errorpoint(Point) — place where the error occurredcode(number) — machine readable code the error
The following codes are used:
| Code | Example | Note |
|---|---|---|
1 | foo & bar | Missing semicolon (named) |
2 | foo { bar | Missing semicolon (numeric) |
3 | Foo &bar baz | Empty (named) |
4 | Foo &# | Empty (numeric) |
5 | Foo &bar; baz | Unknown (named) |
6 | Foo € baz | Disallowed reference |
7 | Foo � baz | Prohibited: outside permissible unicode range |
function text(value, position)
Text handler.
Parameters
this(*) — refers totextContextwhen given toparseEntitiesvalue(string) — string of contentposition(Position) — place wherevaluestarts and ends
function reference(value, position, source)
Character reference handler.
Parameters
this(*) — refers toreferenceContextwhen given toparseEntitiesvalue(string) — decoded character referenceposition(Position) — place wheresourcestarts and endssource(string) — raw source of character reference
Types
This package is fully typed with TypeScript.
It exports the additional types Options, WarningHandler,
ReferenceHandler, and TextHandler.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. It also works in Deno and modern browsers.
Security
This package is safe: it matches the HTML spec to parse character references.
Related
wooorm/stringify-entities— encode HTML character referenceswooorm/character-entities— info on character referenceswooorm/character-entities-html4— info on HTML4 character referenceswooorm/character-entities-legacy— info on legacy character referenceswooorm/character-reference-invalid— info on invalid numeric character references
Contribute
Yes please! See How to Contribute to Open Source.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
0 existing vulnerabilities detected
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:15
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
Project has not signed or included provenance with any releases.
Details
- Warn: release artifact 2.0.0 not signed: https://api.github.com/repos/wooorm/parse-entities/releases/22815595
- Warn: release artifact 2.0.0 does not have provenance: https://api.github.com/repos/wooorm/parse-entities/releases/22815595
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 1 are checked with a SAST tool
Score
3.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More