Gathering detailed insights and metrics for parse-entities
Gathering detailed insights and metrics for parse-entities
Installations
npm install parse-entitiesDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
23.1.0
NPM Version
10.9.1
Score
98.8
Supply Chain
99.5
Quality
76.7
Maintenance
100
Vulnerability
100
License
Releases
15
Languages
1
JavaScript
JavaScript (100%)
Developer
wooorm
Download Statistics
Total Downloads
2,133,816,326
Last Day
647,701
Last Week
11,453,455
Last Month
49,263,246
Last Year
464,051,738
GitHub Statistics
MIT License
50 Stars
116 Commits
12 Forks
4 Watchers
1 Branches
7 Contributors
Updated on May 14, 2025
Bundle Size
32.24 kB
Minified
13.07 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
4.0.2
Package Id
parse-entities@4.0.2
Unpacked Size
25.79 kB
Size
8.00 kB
File Count
8
NPM Version
10.9.1
Node Version
23.1.0
Published on
Dec 13, 2024
Total Downloads
Cumulative downloads
Total Downloads
2,133,816,326
Last Day
-10.9%
647,701
Compared to previous day
Last Week
-8.6%
11,453,455
Compared to previous week
Last Month
3.9%
49,263,246
Compared to previous month
Last Year
15.3%
464,051,738
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
parse-entities
Parse HTML character references.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This is a small and powerful decoder of HTML character references (often called entities).
When should I use this?
You can use this for spec-compliant decoding of character references. It’s small and fast enough to do that well. You can also use this when making a linter, because there are different warnings emitted with reasons for why and positional info on where they happened.
Install
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
1npm install parse-entities
In Deno with esm.sh:
1import {parseEntities} from 'https://esm.sh/parse-entities@3'
In browsers with esm.sh:
1<script type="module"> 2 import {parseEntities} from 'https://esm.sh/parse-entities@3?bundle' 3</script>
Use
1import {parseEntities} from 'parse-entities'
2
3console.log(parseEntities('alpha & bravo')))
4// => alpha & bravo
5
6console.log(parseEntities('charlie ©cat; delta'))
7// => charlie ©cat; delta
8
9console.log(parseEntities('echo © foxtrot ≠ golf 𝌆 hotel'))
10// => echo © foxtrot ≠ golf 𝌆 hotelAPI
This package exports the identifier parseEntities.
There is no default export.
parseEntities(value[, options])
Parse HTML character references.
options
Configuration (optional).
options.additional
Additional character to accept (string?, default: '').
This allows other characters, without error, when following an ampersand.
options.attribute
Whether to parse value as an attribute value (boolean?, default: false).
This results in slightly different behavior.
options.nonTerminated
Whether to allow nonterminated references (boolean, default: true).
For example, ©cat for ©cat.
This behavior is compliant to the spec but can lead to unexpected results.
options.position
Starting position of value (Position or Point, optional).
Useful when dealing with values nested in some sort of syntax tree.
The default is:
1{line: 1, column: 1, offset: 0}
options.warning
Error handler (Function?).
options.text
Text handler (Function?).
options.reference
Reference handler (Function?).
options.warningContext
Context used when calling warning ('*', optional).
options.textContext
Context used when calling text ('*', optional).
options.referenceContext
Context used when calling reference ('*', optional)
Returns
string — decoded value.
function warning(reason, point, code)
Error handler.
Parameters
this(*) — refers towarningContextwhen given toparseEntitiesreason(string) — human readable reason for emitting a parse errorpoint(Point) — place where the error occurredcode(number) — machine readable code the error
The following codes are used:
| Code | Example | Note |
|---|---|---|
1 | foo & bar | Missing semicolon (named) |
2 | foo { bar | Missing semicolon (numeric) |
3 | Foo &bar baz | Empty (named) |
4 | Foo &# | Empty (numeric) |
5 | Foo &bar; baz | Unknown (named) |
6 | Foo € baz | Disallowed reference |
7 | Foo � baz | Prohibited: outside permissible unicode range |
function text(value, position)
Text handler.
Parameters
this(*) — refers totextContextwhen given toparseEntitiesvalue(string) — string of contentposition(Position) — place wherevaluestarts and ends
function reference(value, position, source)
Character reference handler.
Parameters
this(*) — refers toreferenceContextwhen given toparseEntitiesvalue(string) — decoded character referenceposition(Position) — place wheresourcestarts and endssource(string) — raw source of character reference
Types
This package is fully typed with TypeScript.
It exports the additional types Options, WarningHandler,
ReferenceHandler, and TextHandler.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. It also works in Deno and modern browsers.
Security
This package is safe: it matches the HTML spec to parse character references.
Related
wooorm/stringify-entities— encode HTML character referenceswooorm/character-entities— info on character referenceswooorm/character-entities-html4— info on HTML4 character referenceswooorm/character-entities-legacy— info on legacy character referenceswooorm/character-reference-invalid— info on invalid numeric character references
Contribute
Yes please! See How to Contribute to Open Source.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 2/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:6: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/parse-entities/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:11
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
3.4
/10
Last Scanned on 2025-05-26
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More