{"id":13525821,"url":"https://github.com/mdevils/html-entities","last_synced_at":"2026-04-02T18:45:34.877Z","repository":{"id":6966656,"uuid":"8219372","full_name":"mdevils/html-entities","owner":"mdevils","description":"Fastest HTML entities encode/decode library","archived":false,"fork":false,"pushed_at":"2025-04-06T16:04:39.000Z","size":1323,"stargazers_count":687,"open_issues_count":6,"forks_count":88,"subscribers_count":12,"default_branch":"main","last_synced_at":"2026-02-24T18:34:43.875Z","etag":null,"topics":["ascii-characters","html-entities","html-special-characters","printable-characters"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mdevils.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":["mdevils"],"tidelift":"npm/html-entities"}},"created_at":"2013-02-15T14:10:05.000Z","updated_at":"2026-02-15T13:08:11.000Z","dependencies_parsed_at":"2024-02-26T01:49:23.455Z","dependency_job_id":"279ba4b9-732c-4b44-ac0f-cdc3f7719bc9","html_url":"https://github.com/mdevils/html-entities","commit_stats":{"total_commits":146,"total_committers":18,"mean_commits":8.11111111111111,"dds":0.589041095890411,"last_synced_commit":"071c3d6017e41a03a143ee882a3cb8e102dc66e4"},"previous_names":["mdevils/node-html-entities"],"tags_count":35,"template":false,"template_full_name":null,"purl":"pkg:github/mdevils/html-entities","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevils%2Fhtml-entities","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevils%2Fhtml-entities/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevils%2Fhtml-entities/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevils%2Fhtml-entities/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mdevils","download_url":"https://codeload.github.com/mdevils/html-entities/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mdevils%2Fhtml-entities/sbom","scorecard":{"id":633031,"data":{"date":"2025-08-11","repo":{"name":"github.com/mdevils/html-entities","commit":"9ee63a120597292967f7d0d704d68d33950625ee"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.8,"checks":[{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Pinned-Dependencies","score":3,"reason":"dependency not pinned by hash detected -- score normalized to 3","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:10: update your workflow using https://app.stepsecurity.io/secureworkflow/mdevils/html-entities/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/mdevils/html-entities/build.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   1 out of   1 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 1 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":8,"reason":"2 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-xffm-g5w8-qvg7","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T08:25:04.517Z","repository_id":6966656,"created_at":"2025-08-21T08:25:04.517Z","updated_at":"2025-08-21T08:25:04.517Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29837972,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-25T19:08:47.527Z","status":"ssl_error","status_checked_at":"2026-02-25T18:59:04.705Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ascii-characters","html-entities","html-special-characters","printable-characters"],"created_at":"2024-08-01T06:01:22.541Z","updated_at":"2026-04-02T18:45:34.865Z","avatar_url":"https://github.com/mdevils.png","language":"TypeScript","readme":"# html-entities\n\n[![npm version](https://img.shields.io/npm/v/html-entities.svg)](https://www.npmjs.com/package/html-entities)\n[![License](https://img.shields.io/npm/l/html-entities.svg)](https://github.com/mdevils/html-entities/blob/main/LICENSE)\n[![Types](https://img.shields.io/npm/types/html-entities.svg)](https://www.npmjs.com/package/html-entities)\n[![Bundle size](https://img.shields.io/bundlephobia/minzip/html-entities)](https://bundlephobia.com/package/html-entities)\n\nFast and lightweight HTML entities library for all HTML standards (HTML5, HTML4, XML).\n\n## Features\n\n- 🚀 **Fast performance** - optimized for speed (see [benchmarks](#performance-comparison))\n- 📦 **Lightweight** - small package size (132 kB, see [comparison](#package-size-comparison))\n- 🔄 **Standards compliant** - supports HTML5, HTML4, and XML entities\n- 📄 **Type safe** - includes TypeScript and Flow types\n- 🔌 **Dual ESM/CJS support** - works with both module systems\n\n## Installation\n\n```bash\n# NPM\nnpm install html-entities\n\n# Yarn\nyarn add html-entities\n\n# pnpm\npnpm add html-entities\n```\n\n## Usage\n\n### encode(text, options)\n\nEncodes text by replacing HTML special characters (`\u003c\u003e\u0026\"'`) and/or other character ranges depending on `mode` option.\n\n```js\nimport { encode } from 'html-entities';\n\n// Basic usage (defaults to HTML5 special chars only)\nencode('\u003c \u003e \" \\' \u0026 © ∆');\n// -\u003e '\u0026lt; \u0026gt; \u0026quot; \u0026apos; \u0026amp; © ∆'\n\n// Encode non-ASCII printable characters\nencode('\u003c ©', { mode: 'nonAsciiPrintable' });\n// -\u003e '\u0026lt; \u0026copy;'\n\n// Specify encoding level (XML) and mode\nencode('\u003c ©', { mode: 'nonAsciiPrintable', level: 'xml' });\n// -\u003e '\u0026lt; \u0026#169;'\n\n// Encode only non-ASCII characters, leaving special chars intact\nencode('\u003c \u003e \" \\' \u0026 ©', { mode: 'nonAsciiPrintableOnly', level: 'xml' });\n// -\u003e '\u003c \u003e \" \\' \u0026 \u0026#169;'\n```\n\n#### Options\n\n##### `level`\n- `all` or `html5` (default) - Uses HTML5 named references\n- `html4` - Uses HTML4 named references\n- `xml` - Uses XML named references\n\n##### `mode`\n- `specialChars` (default) - Encodes only HTML special characters\n- `nonAscii` - Encodes HTML special characters and everything outside the [ASCII range](https://en.wikipedia.org/wiki/ASCII)\n- `nonAsciiPrintable` - Encodes HTML special characters and everything outside [ASCII printable characters](https://en.wikipedia.org/wiki/ASCII#Printable_characters)\n- `nonAsciiPrintableOnly` - Encodes everything outside ASCII printable range, keeping HTML special characters intact\n- `extensive` - Encodes all non-printable characters, non-ASCII characters and all characters with named references\n\n##### `numeric`\n- `decimal` (default) - Uses decimal numbers for HTML entities (e.g., `\u0026#169;`)\n- `hexadecimal` - Uses hexadecimal numbers for HTML entities (e.g., `\u0026#xa9;`)\n\n### decode(text, options)\n\nDecodes text by replacing HTML entities with their corresponding characters. Unknown entities are preserved.\n\n```js\nimport { decode } from 'html-entities';\n\n// Basic usage (defaults to HTML5)\ndecode('\u0026lt; \u0026gt; \u0026quot; \u0026apos; \u0026amp; \u0026#169; \u0026#8710;');\n// -\u003e '\u003c \u003e \" \\' \u0026 © ∆'\n\n// Specify encoding level\ndecode('\u0026copy;', { level: 'html5' });\n// -\u003e '©'\n\n// XML level doesn't recognize \u0026copy;\ndecode('\u0026copy;', { level: 'xml' });\n// -\u003e '\u0026copy;'\n```\n\n#### Options\n\n##### `level`\n- `all` or `html5` (default) - Uses HTML5 named references\n- `html4` - Uses HTML4 named references\n- `xml` - Uses XML named references\n\n##### `scope`\n- `body` (default) - Emulates browser behavior when parsing tag bodies: entities without semicolon are also replaced\n- `attribute` - Emulates browser behavior when parsing tag attributes: entities without semicolon are replaced when not followed by `=`\n- `strict` - Ignores entities without semicolon\n\n### decodeEntity(text, options)\n\nDecodes a single HTML entity. Unknown entities are preserved.\n\n```js\nimport { decodeEntity } from 'html-entities';\n\ndecodeEntity('\u0026lt;');\n// -\u003e '\u003c'\n\ndecodeEntity('\u0026copy;', { level: 'html5' });\n// -\u003e '©'\n\ndecodeEntity('\u0026copy;', { level: 'xml' });\n// -\u003e '\u0026copy;'\n```\n\n#### Options\n\n##### `level`\n- `all` or `html5` (default) - Uses HTML5 named references\n- `html4` - Uses HTML4 named references\n- `xml` - Uses XML named references\n\n## Package Size Comparison\n\n| Library | Size |\n|---------|------|\n| **html-entities** | 132 kB |\n| he | 124 kB |\n| entities | 540 kB |\n\n## Performance Comparison\n\nResults from benchmarks using `benchmark.js`. This library's results are marked with `*`.\nSee benchmark source code at `benchmark/benchmark.ts`.\n\n```\nCommon\n\n    Initialization / Load speed\n\n        #1: he x 516 ops/sec ±5.71% (78 runs sampled)\n      * #2: html-entities x 407 ops/sec ±5.64% (81 runs sampled)\n        #3: entities x 352 ops/sec ±4.16% (80 runs sampled)\n\nHTML5\n\n    Encode test\n\n      * #1: html-entities.encode - html5, extensive x 437,236 ops/sec ±0.90% (98 runs sampled)\n        #2: entities.encodeHTML x 335,714 ops/sec ±0.87% (92 runs sampled)\n\n    Encode non-ASCII test\n\n      * #1: html-entities.encode - html5, nonAscii x 749,246 ops/sec ±0.61% (96 runs sampled)\n        #2: entities.encodeNonAsciiHTML x 706,984 ops/sec ±1.06% (98 runs sampled)\n      * #3: html-entities.encode - html5, nonAsciiPrintable x 691,193 ops/sec ±4.47% (90 runs sampled)\n        #4: he.encode x 141,105 ops/sec ±0.87% (92 runs sampled)\n\n    Decode test\n\n        #1: entities.decodeHTML x 678,595 ops/sec ±1.28% (92 runs sampled)\n        #2: entities.decodeHTMLStrict x 684,372 ops/sec ±2.76% (82 runs sampled)\n      * #3: html-entities.decode - html5, strict x 485,664 ops/sec ±0.80% (94 runs sampled)\n      * #4: html-entities.decode - html5, body x 463,074 ops/sec ±1.11% (93 runs sampled)\n      * #5: html-entities.decode - html5, attribute x 456,185 ops/sec ±2.24% (91 runs sampled)\n        #6: he.decode x 302,668 ops/sec ±2.73% (90 runs sampled)\n\nHTML4\n\n    Encode test\n\n      * #1: html-entities.encode - html4, nonAscii x 737,475 ops/sec ±1.04% (95 runs sampled)\n      * #2: html-entities.encode - html4, nonAsciiPrintable x 649,866 ops/sec ±4.28% (79 runs sampled)\n      * #3: html-entities.encode - html4, extensive x 202,337 ops/sec ±3.66% (64 runs sampled)\n\n    Decode test\n\n      * #1: html-entities.decode - html4, attribute x 529,674 ops/sec ±0.90% (90 runs sampled)\n      * #2: html-entities.decode - html4, body x 499,135 ops/sec ±2.27% (80 runs sampled)\n      * #3: html-entities.decode - html4, strict x 489,806 ops/sec ±4.37% (84 runs sampled)\n\nXML\n\n    Encode test\n\n      * #1: html-entities.encode - xml, nonAscii x 823,097 ops/sec ±0.75% (81 runs sampled)\n      * #2: html-entities.encode - xml, nonAsciiPrintable x 764,638 ops/sec ±0.93% (93 runs sampled)\n        #3: entities.encodeXML x 672,186 ops/sec ±1.51% (92 runs sampled)\n      * #4: html-entities.encode - xml, extensive x 376,870 ops/sec ±0.76% (77 runs sampled)\n\n    Decode test\n\n        #1: entities.decodeXML x 930,758 ops/sec ±2.90% (90 runs sampled)\n      * #2: html-entities.decode - xml, body x 617,321 ops/sec ±0.74% (83 runs sampled)\n      * #3: html-entities.decode - xml, attribute x 611,598 ops/sec ±0.50% (92 runs sampled)\n      * #4: html-entities.decode - xml, strict x 607,191 ops/sec ±2.30% (85 runs sampled)\n\nEscaping\n\n    Escape test\n\n        #1: entities.escapeUTF8 x 1,930,874 ops/sec ±0.80% (95 runs sampled)\n        #2: he.escape x 1,717,522 ops/sec ±0.75% (84 runs sampled)\n      * #3: html-entities.encode - xml, specialChars x 1,611,374 ops/sec ±1.30% (92 runs sampled)\n        #4: entities.escape x 673,710 ops/sec ±1.30% (94 runs sampled)\n```\n\n## License\n\nMIT\n\n## Security Contact Information\n\nTo report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.\n\n## For Enterprise\n\nAvailable as part of the Tidelift Subscription.\n\nThe maintainers of `html-entities` and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/npm-html-entities?utm_source=npm-html-entities\u0026utm_medium=referral\u0026utm_campaign=enterprise)","funding_links":["https://github.com/sponsors/mdevils","https://tidelift.com/funding/github/npm/html-entities","https://tidelift.com/security","https://tidelift.com/subscription/pkg/npm-html-entities?utm_source=npm-html-entities\u0026utm_medium=referral\u0026utm_campaign=enterprise"],"categories":["Repository"],"sub_categories":["Text/String"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdevils%2Fhtml-entities","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmdevils%2Fhtml-entities","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmdevils%2Fhtml-entities/lists"}