{"id":11157,"library":"js-string-escape","title":"Escape Strings for JavaScript Literals","description":"js-string-escape is a utility package designed to safely escape arbitrary JavaScript strings for inclusion as string literals within generated JavaScript code. Currently at version 1.0.1, the package appears to be stable but has not seen updates in approximately nine years (as of April 2026), indicating an abandoned or long-term unmaintained status. It adheres to ECMAScript 5.1 specifications for string escaping and has been tested across all Unicode code points, ensuring robust handling of diverse character sets. A key differentiation point is its explicit focus on JavaScript string literal safety, in contrast to JSON escaping rules; specifically, it will escape `\\'` which is invalid in JSON, and does not restrict control characters as JSON does. This makes it suitable for code generation scenarios where the output needs to be valid JavaScript, but unsuitable for generating JSON.","status":"abandoned","version":"1.0.1","language":"javascript","source_language":"en","source_url":"https://github.com/joliss/js-string-escape","tags":["javascript","string","escape","backslash","ecmascript"],"install":[{"cmd":"npm install js-string-escape","lang":"bash","label":"npm"},{"cmd":"yarn add js-string-escape","lang":"bash","label":"yarn"},{"cmd":"pnpm add js-string-escape","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only and does not provide an ESM export. Use `require()` to import.","wrong":"import { jsStringEscape } from 'js-string-escape';","symbol":"jsStringEscape","correct":"const jsStringEscape = require('js-string-escape');"}],"quickstart":{"code":"const jsStringEscape = require('js-string-escape');\n\n// Example 1: Basic string with quotes and newlines\nconst input1 = \"Hello, world!\\nThis includes single quotes ('), double quotes (\"), and a backslash (\\\\).\";\nconst escaped1 = jsStringEscape(input1);\nconsole.log(`Escaped string 1: \"${escaped1}\"`);\n// Invariant check (evaluates the escaped string):\nconsole.assert(eval(`\"${escaped1}\"`) === input1, 'Invariant 1 failed');\n\n// Example 2: String with various special characters and Unicode\nconst input2 = \"Path: C:\\\\Users\\\\Name\\\\Docs. Emoji: 😂. Tab:\\t. Line separator: \\u2028. Paragraph separator: \\u2029.\";\nconst escaped2 = jsStringEscape(input2);\nconsole.log(`Escaped string 2: '${escaped2}'`);\n// Invariant check (using single quotes for variety):\nconsole.assert(eval(`'${escaped2}'`) === input2, 'Invariant 2 failed');\n\n// Example 3: Non-string input (will be cast to string)\nconst input3 = 12345;\nconst escaped3 = jsStringEscape(input3);\nconsole.log(`Escaped non-string input (${input3}): \"${escaped3}\"`);\nconsole.assert(eval(`\"${escaped3}\"`) === String(input3), 'Invariant 3 failed');\n\nconst complexInput = `This is a multi-line string with\\nsome special characters like 'quotes' and \"double quotes\".\\nIt also has backslashes: C:\\\\Program Files\\\\Example.\\nAnd some unicode characters: éàüöç.\\nEven some control characters like null: \\x00 and bell: \\x07.\\nThis should all be escaped correctly for JavaScript literals.`;\nconst complexEscaped = jsStringEscape(complexInput);\nconsole.log(`\\nComplex input: ${complexInput}`);\nconsole.log(`Complex escaped: \"${complexEscaped}\"`);\nconsole.assert(eval(`\"${complexEscaped}\"`) === complexInput, 'Complex invariant failed');\n\nconsole.log('All assertions passed!');","lang":"javascript","description":"This quickstart demonstrates how to use `js-string-escape` to safely prepare strings for insertion into JavaScript string literals, including special characters and non-string inputs, and verifies correctness using `eval`."},"warnings":[{"fix":"For JSON escaping, use `JSON.stringify()` or a dedicated JSON escaping library.","message":"The package explicitly states it is not compliant with JSON string escaping rules. It escapes `\\'` (single quote) and does not restrict control characters, which are both invalid in JSON. Do not use this for generating JSON.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Use `const jsStringEscape = require('js-string-escape');` for all imports, ensuring your environment supports CommonJS or you are transpiling correctly.","message":"This package is CommonJS-only and does not provide an ESM export. Attempting to import it using `import` syntax in an ESM module will fail.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Explicitly cast inputs to string using `String(value)` or `value.toString()` if type safety is critical or if handling complex objects.","message":"Non-string inputs to `jsStringEscape` will be implicitly cast to a string before escaping. While often harmless, this can lead to unexpected results if the string representation of an object or number is not what was intended.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Consider evaluating alternative, actively maintained string escaping libraries if long-term support or security updates are critical for your project.","message":"The package appears to be abandoned, with no updates or commits in approximately nine years (as of April 2026). This means it will not receive bug fixes, security patches, or new features. Using abandoned software can pose security risks or lead to incompatibility with newer JavaScript runtimes.","severity":"breaking","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure your file is a CommonJS module (`.js` without `\"type\": \"module\"` in `package.json`, or explicitly `.cjs`), or use `import * as pkg from 'pkg'` if the package provides an ESM export (which `js-string-escape` does not). For `js-string-escape`, you might need to use a bundler or stick to CJS.","cause":"Attempting to use `require()` in an ECMAScript Module (ESM) context without proper configuration (e.g., using `createRequire`).","error":"ReferenceError: require is not defined"},{"fix":"Use the correct CommonJS `require` syntax: `const jsStringEscape = require('js-string-escape');`.","cause":"Incorrectly importing the CommonJS module using ESM `import` syntax, e.g., `import { jsStringEscape } from 'js-string-escape';` or `import jsStringEscape from 'js-string-escape';`.","error":"TypeError: jsStringEscape is not a function"}],"ecosystem":"npm"}