jsesc

v3.0.2

Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data. For more information about how to use this package see README

Latest version published 3 years ago

License: MIT

NPM

GitHub

Package Health Score

67 / 100

security
No known security issues
popularity
Influential project
maintenance
Inactive
community
Limited

Explore Similar Packages

Security

No known security issues

All security vulnerabilities belong to production dependencies of direct and indirect packages.

Security and license risk for significant versions

All Versions

Version				Vulnerabilities	License Risk
3.0.2	\|	10/2020		0 C 0 H 0 M 0 L	0 H 0 M 0 L
2.5.2	\|	11/2018	Popular	0 C 0 H 0 M 0 L	0 H 0 M 0 L
1.3.0	\|	05/2016		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.5.0	\|	08/2014		0 C 0 H 0 M 0 L	0 H 0 M 0 L
0.4.3	\|	10/2013		0 C 0 H 0 M 0 L	0 H 0 M 0 L

License

MIT

Security Policy

Is your project affected by vulnerabilities?

Scan your projects for vulnerabilities. Fix quickly with automated fixes. Get started with Snyk for free.

Get started free

Popularity

Influential project

Weekly Downloads (46,567,154)

GitHub Stars: 696
Forks: 53
Contributors: -

Direct Usage Popularity

The npm package jsesc receives a total of 46,567,154 downloads a week. As such, we scored jsesc popularity level to be Influential project.

Based on project statistics from the GitHub repository for the npm package jsesc, we found that it has been starred 696 times.

Downloads are calculated as moving averages for a period of the last 12 months, excluding weekends and known missing data points.

Community

Limited

Readme.md: Yes
Contributing.md: No
Code of Conduct: No
Contributors: 0
Funding: No

This project has seen only 10 or less contributors.

We found a way for you to contribute to the project! Looks like jsesc is missing a Code of Conduct.

Embed Package Health Score Badge

Maintenance

Inactive

Commit Frequency

No Recent Commits

Open Issues: 17
Open PR: 3
Last Release: 3 years ago
Last Commit: 3 years ago

Further analysis of the maintenance status of jsesc based on released npm versions cadence, the repository activity, and other data points determined that its maintenance is Inactive.

An important project maintenance signal to consider for jsesc is that it hasn't seen any new versions released to npm in the past 12 months, and could be considered as a discontinued project, or that which receives low attention from its maintainers.

In the past month we didn't find any pull request activity or change in issues status has been detected for the GitHub repository.

Keep your project healthy

Check your package.json

Ensure all the packages you're using are healthy and well-maintained

Snyk Vulnerability Scanner

Get health score & security insights directly in your IDE

Package

Node.js Compatibility: >=6

Age: 11 years
Dependencies: 0 Direct
Versions: 23
Install Size: 31.7 kB
Dist-tags: 1
# of Files: 6
Maintainers: 1
TS Typings: Yes

jsesc has more than a single and default latest tag published for the npm package. This means, there may be other tags available for this package, such as next to indicate future releases, or stable to indicate stable releases.

Not sure how to use jsesc?

To help you get started, we've collected the most common ways that jsesc is being used within popular public projects.

pocketjoso / penthouse / src / normalize-css.js View on Github

.replace(/(content\s*:\s*)(['"])([^'"]*)(['"])/g, function (
        match,
        pre,
        quote,
        innerContent,
        quote2
      ) {
        if (quote !== quote2) {
          return
        }
        return pre + quote + jsesc(innerContent) + quote
      })
      // .. however it's not perfect for our needs,

View more ways to use jsesc

jsesc

Given some data, jsesc returns a stringified representation of that data. jsesc is similar to JSON.stringify() except:

it outputs JavaScript instead of JSON by default, enabling support for data structures like ES6 maps and sets;
it offers many options to customize the output;
its output is ASCII-safe by default, thanks to its use of escape sequences where needed.

For any input, jsesc generates the shortest possible valid printable-ASCII-only output. Here’s an online demo.

jsesc’s output can be used instead of JSON.stringify’s to avoid mojibake and other encoding issues, or even to avoid errors when passing JSON-formatted data (which may contain U+2028 LINE SEPARATOR, U+2029 PARAGRAPH SEPARATOR, or lone surrogates) to a JavaScript parser or an UTF-8 encoder.

Installation

Via npm:

npm install jsesc

In Node.js:

const jsesc = require('jsesc');

API

`jsesc(value, options)`

This function takes a value and returns an escaped version of the value where any characters that are not printable ASCII symbols are escaped using the shortest possible (but valid) escape sequences for use in JavaScript strings. The first supported value type is strings:

jsesc('Ich ♥ Bücher');
// → 'Ich \\u2665 B\\xFCcher'

jsesc('foo 𝌆 bar');
// → 'foo \\uD834\\uDF06 bar'

Instead of a string, the value can also be an array, an object, a map, a set, or a buffer. In such cases, jsesc returns a stringified version of the value where any characters that are not printable ASCII symbols are escaped in the same way.

// Escaping an array
jsesc([
  'Ich ♥ Bücher', 'foo 𝌆 bar'
]);
// → '[\'Ich \\u2665 B\\xFCcher\',\'foo \\uD834\\uDF06 bar\']'

// Escaping an object
jsesc({
  'Ich ♥ Bücher': 'foo 𝌆 bar'
});
// → '{\'Ich \\u2665 B\\xFCcher\':\'foo \\uD834\\uDF06 bar\'}'

The optional options argument accepts an object with the following options:

`quotes`

The default value for the quotes option is 'single'. This means that any occurrences of ' in the input string are escaped as \', so that the output can be used in a string literal wrapped in single quotes.

jsesc('`Lorem` ipsum "dolor" sit \'amet\' etc.');
// → 'Lorem ipsum "dolor" sit \\\'amet\\\' etc.'

jsesc('`Lorem` ipsum "dolor" sit \'amet\' etc.', {
  'quotes': 'single'
});
// → '`Lorem` ipsum "dolor" sit \\\'amet\\\' etc.'
// → "`Lorem` ipsum \"dolor\" sit \\'amet\\' etc."

If you want to use the output as part of a string literal wrapped in double quotes, set the quotes option to 'double'.

jsesc('`Lorem` ipsum "dolor" sit \'amet\' etc.', {
  'quotes': 'double'
});
// → '`Lorem` ipsum \\"dolor\\" sit \'amet\' etc.'
// → "`Lorem` ipsum \\\"dolor\\\" sit 'amet' etc."

If you want to use the output as part of a template literal (i.e. wrapped in backticks), set the quotes option to 'backtick'.

jsesc('`Lorem` ipsum "dolor" sit \'amet\' etc.', {
  'quotes': 'backtick'
});
// → '\\`Lorem\\` ipsum "dolor" sit \'amet\' etc.'
// → "\\`Lorem\\` ipsum \"dolor\" sit 'amet' etc."
// → `\\\`Lorem\\\` ipsum "dolor" sit 'amet' etc.`

This setting also affects the output for arrays and objects:

jsesc({ 'Ich ♥ Bücher': 'foo 𝌆 bar' }, {
  'quotes': 'double'
});
// → '{"Ich \\u2665 B\\xFCcher":"foo \\uD834\\uDF06 bar"}'

jsesc([ 'Ich ♥ Bücher', 'foo 𝌆 bar' ], {
  'quotes': 'double'
});
// → '["Ich \\u2665 B\\xFCcher","foo \\uD834\\uDF06 bar"]'

`numbers`

The default value for the numbers option is 'decimal'. This means that any numeric values are represented using decimal integer literals. Other valid options are binary, octal, and hexadecimal, which result in binary integer literals, octal integer literals, and hexadecimal integer literals, respectively.

jsesc(42, {
  'numbers': 'binary'
});
// → '0b101010'

jsesc(42, {
  'numbers': 'octal'
});
// → '0o52'

jsesc(42, {
  'numbers': 'decimal'
});
// → '42'

jsesc(42, {
  'numbers': 'hexadecimal'
});
// → '0x2A'

`wrap`

The wrap option takes a boolean value (true or false), and defaults to false (disabled). When enabled, the output is a valid JavaScript string literal wrapped in quotes. The type of quotes can be specified through the quotes setting.

jsesc('Lorem ipsum "dolor" sit \'amet\' etc.', {
  'quotes': 'single',
  'wrap': true
});
// → '\'Lorem ipsum "dolor" sit \\\'amet\\\' etc.\''
// → "\'Lorem ipsum \"dolor\" sit \\\'amet\\\' etc.\'"

jsesc('Lorem ipsum "dolor" sit \'amet\' etc.', {
  'quotes': 'double',
  'wrap': true
});
// → '"Lorem ipsum \\"dolor\\" sit \'amet\' etc."'
// → "\"Lorem ipsum \\\"dolor\\\" sit \'amet\' etc.\""

`es6`

The es6 option takes a boolean value (true or false), and defaults to false (disabled). When enabled, any astral Unicode symbols in the input are escaped using ECMAScript 6 Unicode code point escape sequences instead of using separate escape sequences for each surrogate half. If backwards compatibility with ES5 environments is a concern, don’t enable this setting. If the json setting is enabled, the value for the es6 setting is ignored (as if it was false).

// By default, the `es6` option is disabled:
jsesc('foo 𝌆 bar 💩 baz');
// → 'foo \\uD834\\uDF06 bar \\uD83D\\uDCA9 baz'

// To explicitly disable it:
jsesc('foo 𝌆 bar 💩 baz', {
  'es6': false
});
// → 'foo \\uD834\\uDF06 bar \\uD83D\\uDCA9 baz'

// To enable it:
jsesc('foo 𝌆 bar 💩 baz', {
  'es6': true
});
// → 'foo \\u{1D306} bar \\u{1F4A9} baz'

`escapeEverything`

The escapeEverything option takes a boolean value (true or false), and defaults to false (disabled). When enabled, all the symbols in the output are escaped — even printable ASCII symbols.

jsesc('lolwat"foo\'bar', {
  'escapeEverything': true
});
// → '\\x6C\\x6F\\x6C\\x77\\x61\\x74\\"\\x66\\x6F\\x6F\\\'\\x62\\x61\\x72'
// → "\\x6C\\x6F\\x6C\\x77\\x61\\x74\\\"\\x66\\x6F\\x6F\\'\\x62\\x61\\x72"

This setting also affects the output for string literals within arrays and objects.

`minimal`

The minimal option takes a boolean value (true or false), and defaults to false (disabled). When enabled, only a limited set of symbols in the output are escaped:

U+0000 \0
U+0008 \b
U+0009 \t
U+000A \n
U+000C \f
U+000D \r
U+005C \\
U+2028 \u2028
U+2029 \u2029
whatever symbol is being used for wrapping string literals (based on the quotes option)
lone surrogates

Note: with this option enabled, jsesc output is no longer guaranteed to be ASCII-safe.

jsesc('foo\u2029bar\nbaz©qux𝌆flops', {
  'minimal': false
});
// → 'foo\\u2029bar\\nbaz©qux𝌆flops'

`isScriptContext`

The isScriptContext option takes a boolean value (true or false), and defaults to false (disabled). When enabled, occurrences of [`` or `

jsesc development dependencies

coveralls grunt grunt-cli grunt-template istanbul mocha regenerate requirejs unicode-13.0.0

FAQs

What is jsesc?

Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data. Visit Snyk Advisor to see a full health score report for jsesc, including popularity, security, maintenance & community analysis.

Is jsesc popular?

The npm package jsesc receives a total of 46,567,154 weekly downloads. As such, jsesc popularity was classified as an influential project. Visit the popularity section on Snyk Advisor to see the full health analysis.

Is jsesc well maintained?

We found indications that jsesc is an Inactive project. See the full package health analysis to learn more about the package maintenance status.

Is jsesc safe to use?

The npm package jsesc was scanned for known vulnerabilities and missing license, and no issues were found. Thus the package was deemed as safe to use. See the full health analysis review.

Last updated on 26 April-2024, at 01:21 (UTC).

Build a secure application checklist

Select a recommended open source package

Minimize your risk by selecting secure & well maintained open source packages

DONE

Scan your app for vulnerabilities

Scan your application to find vulnerabilities in your: source code, open source dependencies, containers and configuration files

SCAN NOW

Fix identified vulnerabilities

Easily fix your code by leveraging automatically generated PRs

AUTO FIX

Monitor for new issues

New vulnerabilities are discovered every day. Get notified if your application is affected

MONITOR APP

Package Health Score

Explore Similar Packages

Security and license risk for significant versions

Is your project affected by vulnerabilities?

Weekly Downloads (46,567,154)

Direct Usage Popularity

Embed Package Health Score Badge

Commit Frequency

Keep your project healthy

Check your package.json

Snyk Vulnerability Scanner

Not sure how to use jsesc?

jsesc

Installation

API

jsesc(value, options)

quotes

numbers

wrap

es6

escapeEverything

minimal

isScriptContext

jsesc development dependencies

FAQs

What is jsesc?

Is jsesc popular?

Is jsesc well maintained?

Is jsesc safe to use?

Build a secure application checklist

Select a recommended open source package

Scan your app for vulnerabilities

Source Code

Open Source

Container

Config

Fix identified vulnerabilities

Monitor for new issues

`jsesc(value, options)`

`quotes`

`numbers`

`wrap`

`es6`

`escapeEverything`

`minimal`

`isScriptContext`