{"id":22531572,"url":"https://github.com/timkuijsten/node-mongo-escape","last_synced_at":"2025-08-01T04:11:22.075Z","repository":{"id":57301556,"uuid":"77714297","full_name":"timkuijsten/node-mongo-escape","owner":"timkuijsten","description":"Escape variables to prevent NoSQL injection in MongoDB","archived":false,"fork":false,"pushed_at":"2025-02-01T15:10:36.000Z","size":23,"stargazers_count":7,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-07-11T21:11:04.232Z","etag":null,"topics":["mongodb","security"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/mongo-escape","language":"JavaScript","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/timkuijsten.png","metadata":{"files":{"readme":"README.md","changelog":"ChangeLog","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-12-30T22:45:51.000Z","updated_at":"2025-06-17T21:13:57.000Z","dependencies_parsed_at":"2025-04-09T23:45:31.084Z","dependency_job_id":null,"html_url":"https://github.com/timkuijsten/node-mongo-escape","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/timkuijsten/node-mongo-escape","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timkuijsten%2Fnode-mongo-escape","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timkuijsten%2Fnode-mongo-escape/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timkuijsten%2Fnode-mongo-escape/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timkuijsten%2Fnode-mongo-escape/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/timkuijsten","download_url":"https://codeload.github.com/timkuijsten/node-mongo-escape/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/timkuijsten%2Fnode-mongo-escape/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268167436,"owners_count":24206572,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-01T02:00:08.611Z","response_time":67,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mongodb","security"],"created_at":"2024-12-07T08:08:12.085Z","updated_at":"2025-08-01T04:11:22.033Z","avatar_url":"https://github.com/timkuijsten.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mongo-escape\n\nEscape variables to prevent NoSQL injection in MongoDB\n\nReplace all occurences of \"$\" and \".\" with \"＄\" and \"．\", respectively.\n\n**Note**: this module protects against keyword injection, not full JavaScript\ninjection. Don't rely on this module for escaping the [mapReduce] command or\n[$where] operator as these commands parse and execute their values as\nJavaScript. From a security point of view it is recommended to\n[disable server side JavaScript] in MongoDB.\n\n## Examples\n\nEscape a string so that it can be used as a key in a query:\n\n```js\nvar assert = require('assert')\nvar me = require('mongo-escape').escape\n\nvar userInput = me('$in')\n\nassert.equal(userInput, '＄in')\n```\n\nNow escape all keys in an object:\n\n```js\nuserInput = me({\n  'foo': 'bar',\n  'ba.z': {\n    '$in': 'quz'\n  }\n})\n\nassert.deepEqual(userInput, {\n  'foo': 'bar',\n  'ba．z': { '＄in': 'quz' }\n})\n```\n\nNote: beware that keys in objects are replaced in-place, the object is not\ncloned.\n\n## Installation\n\n```sh\n$ npm install mongo-escape\n```\n\n## API\n\n###  escape(obj, [recurse])\n* input {mixed} input to escape\n* recurse {Boolean, default: true} whether or not to recurse\n* @return {mixed} properly escaped input\n\nEnsure any input is properly escaped. Where needed `$` and `.` are replaced\nwith `＄` and `．`, respectively.\n\nIf input is an object, all keys are escaped. If input is not an object but a\nstring it is escaped as well. Otherwise return the original value. If input\nis a function or a symbol an error is raised.\n\nNote: if input is an object, keys are replaced in place.\n\n### unescape(obj, [recurse])\n* input {mixed} input to unescape\n* recurse {Boolean, default: true} whether or not to recurse\n* @return {mixed} properly unescaped input\n\nEnsure any input is properly unescaped. Where needed `＄` and `．` are\nreplaced with `$` and `.`, respectively.\n\nIf input is an object, all keys are unescaped. If input is not an object but\na string it is unescaped as well. Otherwise return the original value. If\ninput is a function or a symbol an error is raised.\n\nNote: if input is an object, keys are replaced in place.\n\n## Tests\n\n```sh\n$ npm test\n```\n\n## License\n\nISC\n\nCopyright (c) 2014, 2016 Tim Kuijsten\n\nPermission to use, copy, modify, and/or distribute this software for any\npurpose with or without fee is hereby granted, provided that the above\ncopyright notice and this permission notice appear in all copies.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\" AND THE AUTHOR DISCLAIMS ALL WARRANTIES\nWITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF\nMERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR\nANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES\nWHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN\nACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF\nOR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n\n[disable server side JavaScript]: https://docs.mongodb.com/manual/core/server-side-javascript/#disable-server-side-js\n[mapReduce]: https://docs.mongodb.com/manual/reference/command/mapReduce/#dbcmd.mapReduce\n[$where]: https://docs.mongodb.com/manual/reference/operator/query/where/#op._S_where\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimkuijsten%2Fnode-mongo-escape","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftimkuijsten%2Fnode-mongo-escape","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftimkuijsten%2Fnode-mongo-escape/lists"}