Gathering detailed insights and metrics for stringify-entities
Gathering detailed insights and metrics for stringify-entities
Installations
npm install stringify-entitiesDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Node Version
21.7.1
NPM Version
10.5.0
Releases
16
Languages
1
JavaScript
JavaScript (100%)
Developer
wooorm
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
22 Stars
102 Commits
2 Forks
3 Watchers
1 Branches
6 Contributors
Updated on Jul 09, 2024
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
4.0.4
Package Id
stringify-entities@4.0.4
Unpacked Size
23.22 kB
Size
7.29 kB
File Count
21
NPM Version
10.5.0
Node Version
21.7.1
Published on
Apr 03, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
stringify-entities
Serialize (encode) HTML character references.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Algorithm
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This is a small and powerful encoder of HTML character references (often called
entities).
This one has either all the options you need for a minifier/formatter, or a
tiny size when using stringifyEntitiesLight.
When should I use this?
You can use this for spec-compliant encoding of character references.
It’s small and fast enough to do that well.
You can also use this when making an HTML formatter or minifier, because there
are different ways to produce pretty or tiny output.
This package is reliable: '`' characters are encoded to ensure no scripts
run in Internet Explorer 6 to 8.
Additionally, only named references recognized by HTML 4 are encoded, meaning
the infamous ' (which people think is a virus) won’t show up.
Install
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
1npm install stringify-entities
In Deno with esm.sh:
1import {stringifyEntities} from 'https://esm.sh/stringify-entities@4'
In browsers with esm.sh:
1<script type="module"> 2 import {stringifyEntities} from 'https://esm.sh/stringify-entities@4?bundle' 3</script>
Use
1import {stringifyEntities} from 'stringify-entities'
2
3stringifyEntities('alpha © bravo ≠ charlie 𝌆 delta')
4// => 'alpha © bravo ≠ charlie 𝌆 delta'
5
6stringifyEntities('alpha © bravo ≠ charlie 𝌆 delta', {useNamedReferences: true})
7// => 'alpha © bravo ≠ charlie 𝌆 delta'API
This package exports the identifiers stringifyEntities and
stringifyEntitiesLight.
There is no default export.
stringifyEntities(value[, options])
Encode special characters in value.
Core options
options.escapeOnly
Whether to only escape possibly dangerous characters (boolean, default:
false).
Those characters are ", &, ', <, >, and `.
options.subset
Whether to only escape the given subset of characters (Array<string>).
Note that only BMP characters are supported here (so no emoji).
Formatting options
If you do not care about the following options, use stringifyEntitiesLight,
which always outputs hexadecimal character references.
options.useNamedReferences
Prefer named character references (&) where possible (boolean?, default:
false).
options.useShortestReferences
Prefer the shortest possible reference, if that results in less bytes
(boolean?, default: false).
⚠️ Note:
useNamedReferencescan be omitted when usinguseShortestReferences.
options.omitOptionalSemicolons
Whether to omit semicolons when possible (boolean?, default: false).
⚠️ Note: This creates what HTML calls “parse errors” but is otherwise still valid HTML — don’t use this except when building a minifier. Omitting semicolons is possible for certain named and numeric references in some cases.
options.attribute
Create character references which don’t fail in attributes (boolean?, default:
false).
⚠️ Note:
attributeonly applies when operating dangerously withomitOptionalSemicolons: true.
Returns
Encoded value (string).
Algorithm
By default, all dangerous, non-ASCII, and non-printable ASCII characters are
encoded.
A subset of characters can be given to encode just those characters.
Alternatively, pass escapeOnly to escape just the dangerous
characters (", ', <, >, &, `).
By default, hexadecimal character references are used.
Pass useNamedReferences to use named character references when
possible, or useShortestReferences to use whichever is shortest:
decimal, hexadecimal, or named.
There is also a stringifyEntitiesLight export, which works just like
stringifyEntities but without the formatting options: it’s much smaller but
always outputs hexadecimal character references.
Types
This package is fully typed with TypeScript.
It exports the additional types Options and LightOptions types.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. It also works in Deno and modern browsers.
Security
This package is safe.
Related
parse-entities— parse (decode) HTML character referenceswooorm/character-entities— info on character referenceswooorm/character-entities-html4— info on HTML 4 character referenceswooorm/character-entities-legacy— info on legacy character referenceswooorm/character-reference-invalid— info on invalid numeric character references
Contribute
Yes please! See How to Contribute to Open Source.
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
Found 2/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/stringify-entities/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/stringify-entities/main.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/wooorm/stringify-entities/main.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:15
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 2 are checked with a SAST tool
Score
3.4
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More