Security News
Another Round of TEA Protocol Spam Floods npm, But It’s Not a Worm
Recent coverage mislabels the latest TEA protocol spam as a worm. Here’s what’s actually happening.
By Philipp Burckhardt - Nov 14, 2025
html-encoding-sniffer
Advanced tools
Determine the Encoding of a HTML Byte Stream
This package implements the HTML Standard's encoding sniffing algorithm in all its glory. The most interesting part of this is how it pre-scans the first 1024 bytes in order to search for certain <meta charset>-related patterns.
const htmlEncodingSniffer = require("html-encoding-sniffer");
const fs = require("fs");
const htmlBytes = fs.readFileSync("./html-page.html");
const sniffedEncoding = htmlEncodingSniffer(htmlBytes);
The passed bytes are given as a Uint8Array; the Node.js Buffer subclass of Uint8Array will also work, as shown above.
The returned value will be a canonical encoding name (not a label). You might then combine this with the whatwg-encoding package to decode the result:
const whatwgEncoding = require("whatwg-encoding");
const htmlString = whatwgEncoding.decode(htmlBytes, sniffedEncoding);
Options
You can pass two potential options to htmlEncodingSniffer:
const sniffedEncoding = htmlEncodingSniffer(htmlBytes, {
transportLayerEncodingLabel,
defaultEncoding
});
These represent two possible inputs into the encoding sniffing algorithm:
transportLayerEncodingLabelis an encoding label that is obtained from the "transport layer" (probably a HTTPContent-Typeheader), which overrides everything but a BOM.defaultEncodingis the ultimate fallback encoding used if no valid encoding is supplied by the transport layer, and no encoding is sniffed from the bytes. It defaults to"windows-1252", as recommended by the algorithm's table of suggested defaults for "All other locales" (including theenlocale).
Credits
This package was originally based on the excellent work of @nicolashenry, in jsdom. It has since been pulled out into this separate package.
Other packages similar to html-encoding-sniffer
iconv-lite
iconv-lite is a package that provides encoding and decoding of text in various character sets. Unlike html-encoding-sniffer, which is specifically designed for sniffing HTML document encodings, iconv-lite supports a broader range of encodings and can be used for general text conversion purposes.
jschardet
jschardet is a character encoding detector, similar to the functionality provided by html-encoding-sniffer. However, jschardet is based on the universalchardet library and can be used to detect the encoding of any text, not just HTML documents. It offers a more general approach to encoding detection.
FAQs
Sniff the encoding from a HTML byte stream
We found that html-encoding-sniffer demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Package last updated on 12 Nov 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
PyPI Expands Trusted Publishing to GitLab Self-Managed as Adoption Passes 25 Percent
PyPI adds Trusted Publishing support for GitLab Self-Managed as adoption reaches 25% of uploads
By Sarah Gooding - Nov 14, 2025
Research
/Security News
Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
A malicious Chrome extension posing as an Ethereum wallet steals seed phrases by encoding them into Sui transactions, enabling full wallet takeover.
By Kirill Boychenko - Nov 12, 2025