Escape Strings for JavaScript Literals

1.0.1 · abandoned · verified Sun Apr 19

js-string-escape is a utility package designed to safely escape arbitrary JavaScript strings for inclusion as string literals within generated JavaScript code. Currently at version 1.0.1, the package appears to be stable but has not seen updates in approximately nine years (as of April 2026), indicating an abandoned or long-term unmaintained status. It adheres to ECMAScript 5.1 specifications for string escaping and has been tested across all Unicode code points, ensuring robust handling of diverse character sets. A key differentiation point is its explicit focus on JavaScript string literal safety, in contrast to JSON escaping rules; specifically, it will escape `\'` which is invalid in JSON, and does not restrict control characters as JSON does. This makes it suitable for code generation scenarios where the output needs to be valid JavaScript, but unsuitable for generating JSON.

Common errors

```
ReferenceError: require is not defined
```
cause Attempting to use `require()` in an ECMAScript Module (ESM) context without proper configuration (e.g., using `createRequire`).

fix Ensure your file is a CommonJS module (`.js` without `"type": "module"` in `package.json`, or explicitly `.cjs`), or use `import * as pkg from 'pkg'` if the package provides an ESM export (which `js-string-escape` does not). For `js-string-escape`, you might need to use a bundler or stick to CJS.
```
TypeError: jsStringEscape is not a function
```
cause Incorrectly importing the CommonJS module using ESM `import` syntax, e.g., `import { jsStringEscape } from 'js-string-escape';` or `import jsStringEscape from 'js-string-escape';`.

fix Use the correct CommonJS `require` syntax: `const jsStringEscape = require('js-string-escape');`.

Warnings

gotcha The package explicitly states it is not compliant with JSON string escaping rules. It escapes `\'` (single quote) and does not restrict control characters, which are both invalid in JSON. Do not use this for generating JSON.
Fix: For JSON escaping, use `JSON.stringify()` or a dedicated JSON escaping library.
breaking This package is CommonJS-only and does not provide an ESM export. Attempting to import it using `import` syntax in an ESM module will fail.
Fix: Use `const jsStringEscape = require('js-string-escape');` for all imports, ensuring your environment supports CommonJS or you are transpiling correctly.
gotcha Non-string inputs to `jsStringEscape` will be implicitly cast to a string before escaping. While often harmless, this can lead to unexpected results if the string representation of an object or number is not what was intended.
Fix: Explicitly cast inputs to string using `String(value)` or `value.toString()` if type safety is critical or if handling complex objects.
breaking The package appears to be abandoned, with no updates or commits in approximately nine years (as of April 2026). This means it will not receive bug fixes, security patches, or new features. Using abandoned software can pose security risks or lead to incompatibility with newer JavaScript runtimes.
Fix: Consider evaluating alternative, actively maintained string escaping libraries if long-term support or security updates are critical for your project.

Install

npm install js-string-escape npm
yarn add js-string-escape yarn
pnpm add js-string-escape pnpm

Imports

jsStringEscape
wrong:
```
import { jsStringEscape } from 'js-string-escape';
```
correct:
```
const jsStringEscape = require('js-string-escape');
```
This package is CommonJS-only and does not provide an ESM export. Use `require()` to import.

Quickstart

This quickstart demonstrates how to use `js-string-escape` to safely prepare strings for insertion into JavaScript string literals, including special characters and non-string inputs, and verifies correctness using `eval`.

const jsStringEscape = require('js-string-escape');

// Example 1: Basic string with quotes and newlines
const input1 = "Hello, world!\nThis includes single quotes ('), double quotes ("), and a backslash (\\).";
const escaped1 = jsStringEscape(input1);
console.log(`Escaped string 1: "${escaped1}"`);
// Invariant check (evaluates the escaped string):
console.assert(eval(`"${escaped1}"`) === input1, 'Invariant 1 failed');

// Example 2: String with various special characters and Unicode
const input2 = "Path: C:\\Users\\Name\\Docs. Emoji: 😂. Tab:\t. Line separator: \u2028. Paragraph separator: \u2029.";
const escaped2 = jsStringEscape(input2);
console.log(`Escaped string 2: '${escaped2}'`);
// Invariant check (using single quotes for variety):
console.assert(eval(`'${escaped2}'`) === input2, 'Invariant 2 failed');

// Example 3: Non-string input (will be cast to string)
const input3 = 12345;
const escaped3 = jsStringEscape(input3);
console.log(`Escaped non-string input (${input3}): "${escaped3}"`);
console.assert(eval(`"${escaped3}"`) === String(input3), 'Invariant 3 failed');

const complexInput = `This is a multi-line string with\nsome special characters like 'quotes' and "double quotes".\nIt also has backslashes: C:\\Program Files\\Example.\nAnd some unicode characters: éàüöç.\nEven some control characters like null: \x00 and bell: \x07.\nThis should all be escaped correctly for JavaScript literals.`;
const complexEscaped = jsStringEscape(complexInput);
console.log(`\nComplex input: ${complexInput}`);
console.log(`Complex escaped: "${complexEscaped}"`);
console.assert(eval(`"${complexEscaped}"`) === complexInput, 'Complex invariant failed');

console.log('All assertions passed!');

view raw JSON →