HTML Encode/Decode

0.0.5 verified Thu Apr 23 auth: no javascript abandoned

htmlencode is a minimalist Node.js module, currently at version 0.0.5, designed to provide basic HTML encoding and decoding functionalities. It serves as a wrapper for the legacy client-side JavaScript library found at `strictly-software.com/htmlencode`, adapting it for server-side Node.js environments. The package introduced two key modifications to the original source: renaming the global `Encoder` object to `module.exports` for CommonJS compatibility and patching a global variable leak within the `htmlDecode` method. Given its low version number and the nature of its changes (primarily adapting an external, presumably old, client-side script for Node.js), the package appears to have had a very limited release cadence and is likely no longer actively maintained. It offers basic HTML entity conversion, supporting both named and numerical entities, configured either globally via the `EncodeType` property or through an `Encoder` class instance.

Common errors

error ReferenceError: require is not defined ↓

cause Attempting to use `require()` in an ECMAScript Module (ESM) context, where `require` is not globally available.

fix

This package is CommonJS-only. Either convert your Node.js project or file to CommonJS (.js files treated as CJS, or explicitly .cjs), or use Node.js's createRequire utility in ESM to load it:

import { createRequire } from 'module'; const require = createRequire(import.meta.url); const htmlencode = require('htmlencode');

error TypeError: htmlEncode is not a function ↓

cause This error typically occurs when attempting to use named imports (`import { htmlEncode } from 'htmlencode';`) for a CommonJS-only package that exports a single object, or when the module object is not correctly accessed.

fix

For CommonJS, use const htmlencode = require('htmlencode'); to get the module object, then access its methods like htmlencode.htmlEncode(). Direct named imports are not supported for this package.

Warnings

breaking This package is effectively abandoned and unmaintained. It is at version 0.0.5 with no updates since its initial release, meaning it will not receive security patches, bug fixes, or compatibility updates for modern Node.js versions or evolving web standards. ↓

fix Migrate to a actively maintained and more robust HTML sanitization/encoding library like 'dompurify' or 'sanitize-html', or a dedicated encoding library like 'he'.

gotcha The package is exclusively CommonJS-only (`require()`). Attempting to use `import` statements in an ECMAScript Module (ESM) context will lead to runtime errors, or require specific build tool configurations or Node.js loader hacks. ↓

fix Ensure your project is configured for CommonJS, or use dynamic `import()` or `createRequire` from the `module` module to load it within an ESM context. Consider modern alternatives that support ESM.

breaking As a wrapper around an unmaintained client-side library, `htmlencode` likely contains unaddressed security vulnerabilities, particularly concerning HTML encoding/decoding which is critical for preventing Cross-Site Scripting (XSS) attacks. Its use in production without thorough security review is strongly discouraged. ↓

fix Immediately replace this package with a security-audited and actively maintained library specifically designed for HTML sanitization or secure encoding, such as 'dompurify', 'sanitize-html', or 'he'.

gotcha The package does not ship with TypeScript type definitions. This makes it challenging to use in TypeScript projects, requiring manual `declare module` additions or ignoring type errors. ↓

fix If you must use this package, create a `declarations.d.ts` file with `declare module 'htmlencode';` or more specific type definitions. However, migrating to a typed alternative is recommended.

Install

npm install htmlencode

yarn add htmlencode

pnpm add htmlencode

Imports

htmlencode
wrong
```
import htmlencode from 'htmlencode';
```
correct
```
const htmlencode = require('htmlencode');
```
This package is CommonJS-only. The main export is an object containing encoding/decoding methods and the Encoder class.
htmlEncode
wrong
```
import { htmlEncode } from 'htmlencode';
```
correct
```
const { htmlEncode } = require('htmlencode');
```
Access individual methods directly from the main module object. CommonJS-only.
Encoder
wrong
```
import { Encoder } from 'htmlencode';
```
correct
```
const { Encoder } = require('htmlencode');
```
The Encoder class is exposed as a property of the main module export. CommonJS-only.

Quickstart

Demonstrates basic HTML encoding and decoding, global entity type changes, and instance-specific encoding using the Encoder class.

const htmlencode = require('htmlencode');

// Basic HTML encoding with default named entities
const encodedNamed = htmlencode.htmlEncode('<h1>Welcome to my & website!</h1>');
console.log('Encoded (named entities):', encodedNamed);
// Expected: &lt;h1&gt;Welcome to my &amp; website!&lt;/h1&gt;

// Decoding example
const decoded = htmlencode.htmlDecode('&lt;h1&gt;Welcome&lt;/h1&gt;');
console.log('Decoded:', decoded);
// Expected: <h1>Welcome</h1>

// Changing to numerical HTML entities globally
htmlencode.EncodeType = 'numerical';
const encodedNumerical = htmlencode.htmlEncode('<h1>Another & test</h1>');
console.log('Encoded (numerical entities):', encodedNumerical);
// Expected: &#60;h1&#62;Another &#38; test&#60;/h1&#62;

// Using the Encoder class for instance-specific settings
const Encoder = htmlencode.Encoder; // Access the class
const encoderInstance = new Encoder('named'); // Or 'numerical'
const instanceEncoded = encoderInstance.htmlEncode('<script>alert("XSS")</script>');
console.log('Encoded (instance-specific named):', instanceEncoded);
// Expected: &lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;