{"id":11313,"library":"micromark-util-encode","title":"Micromark HTML Character Encoder","description":"micromark-util-encode is a focused utility package within the micromark ecosystem, designed specifically for encoding dangerous HTML characters to ensure text is safe for embedding in HTML documents. Its current stable version is 2.0.1, part of the 2.x release line which maintains compatibility with Node.js 16 and higher. As a component of the unified collective, it follows a pragmatic release cadence often aligned with major micromark and Node.js version updates. This package differentiates itself by providing a robust, performant, and standards-compliant algorithm for HTML escaping, specifically tailored for the needs of markdown processors and related text transformation tools, where correctness and minimal overhead are critical. It is fully typed with TypeScript, ensuring good developer experience for static analysis and type safety.","status":"active","version":"2.0.1","language":"javascript","source_language":"en","source_url":"https://github.com/micromark/micromark#main","tags":["javascript","micromark","util","utility","html","encode","typescript"],"install":[{"cmd":"npm install micromark-util-encode","lang":"bash","label":"npm"},{"cmd":"yarn add micromark-util-encode","lang":"bash","label":"yarn"},{"cmd":"pnpm add micromark-util-encode","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is ESM-only. CommonJS `require()` is not supported.","wrong":"const { encode } = require('micromark-util-encode')","symbol":"encode","correct":"import { encode } from 'micromark-util-encode'"},{"note":"There is no default export; the `encode` function must be imported as a named export.","wrong":"import encode from 'micromark-util-encode'","symbol":"encode (default)","correct":"import { encode } from 'micromark-util-encode'"},{"note":"While this package is fully typed, it exports no additional types directly. Core types for `micromark` are often found in `micromark-util-types` or inferred from usage.","symbol":"Types","correct":"import type { Value } from 'micromark-util-types'"}],"quickstart":{"code":"import { encode } from 'micromark-util-encode';\n\nconst unsafeHtml = '<script>alert(\"XSS\")</script> & <img src=\"x\" onerror=\"alert(\\'Error\\')\">';\nconst safeHtml = encode(unsafeHtml);\n\nconsole.log('Original:', unsafeHtml);\nconsole.log('Encoded:', safeHtml);\n// Expected output: Original: <script>alert(\"XSS\")</script> & <img src=\"x\" onerror=\"alert(\\'Error\\')\">\n// Expected output: Encoded: &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt; &amp; &lt;img src=&quot;x&quot; onerror=&quot;alert(&#x27;Error&#x27;)&quot;&gt;","lang":"typescript","description":"Demonstrates how to import and use the `encode` function to escape common HTML special characters for safe embedding."},"warnings":[{"fix":"Migrate your project to use ES modules (`import`) or ensure you're using a bundler/transpiler that handles ESM correctly. For Node.js, ensure your package.json specifies `\"type\": \"module\"` or use `.mjs` files.","message":"Version 2.x of `micromark-util-encode` is ESM-only. Direct `require()` calls for this package will result in an error.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Upgrade your Node.js environment to version 16 or newer. For projects requiring older Node.js compatibility, consider pinning to `micromark-util-encode@1.x` if available and compatible with your `micromark` version.","message":"Version 2.x of `micromark-util-encode` officially supports Node.js 16 and higher. Older Node.js versions are not guaranteed to work and may encounter runtime errors.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Always understand the specific scope of encoding. For broader security, combine with other sanitization libraries or consider a full templating engine that handles auto-escaping.","message":"The `encode` function specifically targets HTML characters (<, >, &, \", '). It does not perform full URL encoding or sanitize other potentially unsafe content like CSS injections or script execution from attributes (e.g., `onerror`).","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Change `const { encode } = require('micromark-util-encode')` to `import { encode } from 'micromark-util-encode'` and ensure your project is configured for ES modules.","cause":"Attempting to `require()` an ESM-only package in a CommonJS context.","error":"ERR_REQUIRE_ESM"},{"fix":"Ensure you are using named imports: `import { encode } from 'micromark-util-encode'`.","cause":"Trying to import `encode` as a default import when it is a named export.","error":"TypeError: encode is not a function"}],"ecosystem":"npm"}