mongo-escape

library 2.0.6 · javascript maintenance
verified Jun 5, 2026

Lightweight npm package (v2.0.6, last updated 2016) for escaping $ and . characters in MongoDB query keys to prevent NoSQL injection attacks. Replaces $ with the Unicode fullwidth dollar sign (＄, U+FF04) and . with the Unicode fullwidth full stop (．, U+FF0E). Only protects against keyword injection, not full JavaScript injection – mapReduce and $where are not safe. Works on strings and objects (keys escaped in-place, no clone). Supports escape and unescape functions, with optional recursion flag. Minimal dependencies, simple API. Suitable for legacy systems needing basic injection prevention; not actively maintained.
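
The key-escaping technique described above, as an added sketch that is not mongo-escape's own code or API. The function names, the `recurse` default and the sample request body are assumptions constructed for illustration.

```javascript
// Illustrative sketch; names are hypothetical, not mongo-escape's API.
const escapeKey = (k) => k.replace(/\$/g, '\uFF04').replace(/\./g, '\uFF0E');
const unescapeKey = (k) =>
  k.replace(/\uFF04/g, () => '$').replace(/\uFF0E/g, () => '.');

// Rewrite keys in place (no clone). Values are never modified, so a string
// the application passes to $where or mapReduce is not sanitised by this.
function rewriteKeys(node, fn, recurse) {
  if (node === null || typeof node !== 'object') return node;
  if (Array.isArray(node)) {
    if (recurse) node.forEach((item) => rewriteKeys(item, fn, recurse));
    return node;
  }
  for (const key of Object.keys(node)) { // snapshot, safe to mutate node
    const value = node[key];
    if (recurse) rewriteKeys(value, fn, recurse);
    const renamed = fn(key);
    if (renamed !== key) {
      delete node[key];
      node[renamed] = value;
    }
  }
  return node;
}

// Assumption: recursion defaults to on in this sketch.
const escapeKeys = (obj, recurse = true) => rewriteKeys(obj, escapeKey, recurse);
const unescapeKeys = (obj, recurse = true) => rewriteKeys(obj, unescapeKey, recurse);

// Constructed request body: an object arrived where a string was expected,
// and one key contains a dot.
function demo() {
  const body = {
    user: 'alice',
    password: { $ne: null },
    'profile.role': 'admin',
    note: 'costs $5.00',
  };
  escapeKeys(body);
  // The nested key is now the literal field name "＄ne", not an operator.
  return body;
}
```

Unescaping in this sketch maps every fullwidth character back, so a key that originally contained ＄ or ． does not round-trip.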