Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



Encode & decode XML and HTML entities with ease & speed

Version published
Install size
403 kB

Package description

What is entities?

The 'entities' npm package is a library that helps with encoding and decoding HTML entities. It is useful for dealing with HTML data in text form and can be used to prevent XSS attacks by sanitizing input or output.

What are entities's main functionalities?

Encode HTML Entities

Encodes special characters in a string to their corresponding HTML entities. Useful for displaying text on a webpage without it being interpreted as HTML.

"require('entities').encodeHTML('<div>Hello & welcome!</div>');"

Decode HTML Entities

Decodes HTML entities back to their original characters. This is useful for processing text that contains HTML entities and converting them to their readable form.

"require('entities').decodeHTML('&lt;div&gt;Hello &amp; welcome!&lt;/div&gt;');"

Encode XML Entities

Similar to encoding HTML entities, but specifically for XML, which has a smaller set of entities.

"require('entities').encodeXML('<note>Priority & importance</note>');"

Decode XML Entities

Decodes XML entities back to their original characters, which is useful when working with XML data.

"require('entities').decodeXML('&lt;note&gt;Priority &amp; importance&lt;/note&gt;');"

Other packages similar to entities



entities NPM version Downloads Node.js CI

Encode & decode HTML & XML entities with ease & speed.


  • 😇 Tried and true: entities is used by many popular libraries; eg. htmlparser2, the official AWS SDK and commonmark use it to process HTML entities.
  • ⚡️ Fast: entities is the fastest library for decoding HTML entities (as of April 2022); see performance.
  • 🎛 Configurable: Get an output tailored for your needs. You are fine with UTF8? That'll save you some bytes. Prefer to only have ASCII characters? We can do that as well!

How to…

…install entities

npm install entities

…use entities

const entities = require("entities");

// Encoding
entities.escapeUTF8("&#38; ü"); // "&amp;#38; ü"
entities.encodeXML("&#38; ü"); // "&amp;#38; &#xfc;"
entities.encodeHTML("&#38; ü"); // "&amp;&num;38&semi; &uuml;"

// Decoding
entities.decodeXML("asdf &amp; &#xFF; &#xFC; &apos;"); // "asdf & ÿ ü '"
entities.decodeHTML("asdf &amp; &yuml; &uuml; &apos;"); // "asdf & ÿ ü '"


This is how entities compares to other libraries on a very basic benchmark (see scripts/benchmark.ts, for 10,000,000 iterations; lower is better):

LibraryVersiondecode perfencode perfescape perf


What methods should I actually use to encode my documents?

If your target supports UTF-8, the escapeUTF8 method is going to be your best choice. Otherwise, use either encodeHTML or encodeXML based on whether you're dealing with an HTML or an XML document.

You can have a look at the options for the encode and decode methods to see everything you can configure.

When should I use strict decoding?

When strict decoding, entities not terminated with a semicolon will be ignored. This is helpful for decoding entities in legacy environments.

Why should I use entities instead of alternative modules?

As of April 2022, entities is a bit faster than other modules. Still, this is not a very differentiated space and other modules can catch up.

More importantly, you might already have entities in your dependency graph (as a dependency of eg. cheerio, or htmlparser2), and including it directly might not even increase your bundle size. The same is true for other entity libraries, so have a look through your node_modules directory!

Does entities support tree shaking?

Yes! entities ships as both a CommonJS and a ES module. Note that for best results, you should not use the encode and decode functions, as they wrap around a number of other functions, all of which will remain in the bundle. Instead, use the functions that you need directly.


This library wouldn't be possible without the work of these individuals. Thanks to

  • @mathiasbynens for his explanations about character encodings, and his library he, which was one of the inspirations for entities
  • @inikulin for his work on optimized tries for decoding HTML entities for the parse5 project
  • @mdevils for taking on the challenge of producing a quick entity library with his html-entities library. entities would be quite a bit slower if there wasn't any competition. Right now entities is on top, but we'll see how long that lasts!

License: BSD-2-Clause

Security contact information

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.

entities for enterprise

Available as part of the Tidelift Subscription

The maintainers of entities and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.



Last updated on 13 Apr 2023

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc