{"id":17687,"library":"htmlencode","title":"HTML Encode/Decode","description":"htmlencode is a minimalist Node.js module, currently at version 0.0.5, designed to provide basic HTML encoding and decoding functionalities. It serves as a wrapper for the legacy client-side JavaScript library found at `strictly-software.com/htmlencode`, adapting it for server-side Node.js environments. The package introduced two key modifications to the original source: renaming the global `Encoder` object to `module.exports` for CommonJS compatibility and patching a global variable leak within the `htmlDecode` method. Given its low version number and the nature of its changes (primarily adapting an external, presumably old, client-side script for Node.js), the package appears to have had a very limited release cadence and is likely no longer actively maintained. It offers basic HTML entity conversion, supporting both named and numerical entities, configured either globally via the `EncodeType` property or through an `Encoder` class instance.","status":"abandoned","version":"0.0.5","language":"javascript","source_language":"en","source_url":"git://github.com/danmactough/node-htmlencode","tags":["javascript","html","encode","decode"],"install":[{"cmd":"npm install htmlencode","lang":"bash","label":"npm"},{"cmd":"yarn add htmlencode","lang":"bash","label":"yarn"},{"cmd":"pnpm add htmlencode","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only. The main export is an object containing encoding/decoding methods and the Encoder class.","wrong":"import htmlencode from 'htmlencode';","symbol":"htmlencode","correct":"const htmlencode = require('htmlencode');"},{"note":"Access individual methods directly from the main module object. CommonJS-only.","wrong":"import { htmlEncode } from 'htmlencode';","symbol":"htmlEncode","correct":"const { htmlEncode } = require('htmlencode');"},{"note":"The Encoder class is exposed as a property of the main module export. CommonJS-only.","wrong":"import { Encoder } from 'htmlencode';","symbol":"Encoder","correct":"const { Encoder } = require('htmlencode');"}],"quickstart":{"code":"const htmlencode = require('htmlencode');\n\n// Basic HTML encoding with default named entities\nconst encodedNamed = htmlencode.htmlEncode('<h1>Welcome to my & website!</h1>');\nconsole.log('Encoded (named entities):', encodedNamed);\n// Expected: &lt;h1&gt;Welcome to my &amp; website!&lt;/h1&gt;\n\n// Decoding example\nconst decoded = htmlencode.htmlDecode('&lt;h1&gt;Welcome&lt;/h1&gt;');\nconsole.log('Decoded:', decoded);\n// Expected: <h1>Welcome</h1>\n\n// Changing to numerical HTML entities globally\nhtmlencode.EncodeType = 'numerical';\nconst encodedNumerical = htmlencode.htmlEncode('<h1>Another & test</h1>');\nconsole.log('Encoded (numerical entities):', encodedNumerical);\n// Expected: &#60;h1&#62;Another &#38; test&#60;/h1&#62;\n\n// Using the Encoder class for instance-specific settings\nconst Encoder = htmlencode.Encoder; // Access the class\nconst encoderInstance = new Encoder('named'); // Or 'numerical'\nconst instanceEncoded = encoderInstance.htmlEncode('<script>alert(\"XSS\")</script>');\nconsole.log('Encoded (instance-specific named):', instanceEncoded);\n// Expected: &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;","lang":"javascript","description":"Demonstrates basic HTML encoding and decoding, global entity type changes, and instance-specific encoding using the Encoder class."},"warnings":[{"fix":"Migrate to a actively maintained and more robust HTML sanitization/encoding library like 'dompurify' or 'sanitize-html', or a dedicated encoding library like 'he'.","message":"This package is effectively abandoned and unmaintained. It is at version 0.0.5 with no updates since its initial release, meaning it will not receive security patches, bug fixes, or compatibility updates for modern Node.js versions or evolving web standards.","severity":"breaking","affected_versions":">=0.0.0"},{"fix":"Ensure your project is configured for CommonJS, or use dynamic `import()` or `createRequire` from the `module` module to load it within an ESM context. Consider modern alternatives that support ESM.","message":"The package is exclusively CommonJS-only (`require()`). Attempting to use `import` statements in an ECMAScript Module (ESM) context will lead to runtime errors, or require specific build tool configurations or Node.js loader hacks.","severity":"gotcha","affected_versions":">=0.0.0"},{"fix":"Immediately replace this package with a security-audited and actively maintained library specifically designed for HTML sanitization or secure encoding, such as 'dompurify', 'sanitize-html', or 'he'.","message":"As a wrapper around an unmaintained client-side library, `htmlencode` likely contains unaddressed security vulnerabilities, particularly concerning HTML encoding/decoding which is critical for preventing Cross-Site Scripting (XSS) attacks. Its use in production without thorough security review is strongly discouraged.","severity":"breaking","affected_versions":">=0.0.0"},{"fix":"If you must use this package, create a `declarations.d.ts` file with `declare module 'htmlencode';` or more specific type definitions. However, migrating to a typed alternative is recommended.","message":"The package does not ship with TypeScript type definitions. This makes it challenging to use in TypeScript projects, requiring manual `declare module` additions or ignoring type errors.","severity":"gotcha","affected_versions":">=0.0.0"}],"env_vars":null,"last_verified":"2026-04-23T00:00:00.000Z","next_check":"2026-07-22T00:00:00.000Z","problems":[{"fix":"This package is CommonJS-only. Either convert your Node.js project or file to CommonJS (`.js` files treated as CJS, or explicitly `.cjs`), or use Node.js's `createRequire` utility in ESM to load it: `import { createRequire } from 'module'; const require = createRequire(import.meta.url); const htmlencode = require('htmlencode');`","cause":"Attempting to use `require()` in an ECMAScript Module (ESM) context, where `require` is not globally available.","error":"ReferenceError: require is not defined"},{"fix":"For CommonJS, use `const htmlencode = require('htmlencode');` to get the module object, then access its methods like `htmlencode.htmlEncode()`. Direct named imports are not supported for this package.","cause":"This error typically occurs when attempting to use named imports (`import { htmlEncode } from 'htmlencode';`) for a CommonJS-only package that exports a single object, or when the module object is not correctly accessed.","error":"TypeError: htmlEncode is not a function"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}