Security News
MCP Community Begins Work on Official MCP Metaregistry
The MCP community is launching an official registry to standardize AI tool discovery and let agents dynamically find and install MCP servers.
By Sarah Gooding - May 09, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
parse-entities
Advanced tools
What is parse-entities?
The parse-entities npm package is used to parse HTML entities in text. It can decode named and numerical character references in HTML, making it useful for processing and sanitizing HTML content.
What are parse-entities's main functionalities?
Decode named character references
This feature allows you to decode named character references in a string. For example, it converts " to ".
const parseEntities = require('parse-entities');
const decoded = parseEntities('The "quick" brown fox');
console.log(decoded); // Output: The "quick" brown foxDecode numerical character references
This feature allows you to decode numerical character references in a string. For example, it converts 😀 to 😀.
const parseEntities = require('parse-entities');
const decoded = parseEntities('The 😀 emoji');
console.log(decoded); // Output: The 😀 emojiDecode mixed character references
This feature allows you to decode a mix of named and numerical character references in a string.
const parseEntities = require('parse-entities');
const decoded = parseEntities('The "quick" brown fox jumps over the lazy dog🐶');
console.log(decoded); // Output: The "quick" brown fox jumps over the lazy dog🐶Other packages similar to parse-entities
he
The 'he' package (short for HTML entities) is a robust HTML entity encoder/decoder. It supports both named and numerical character references and offers more configuration options compared to parse-entities.
entities
The 'entities' package is another library for encoding and decoding XML and HTML entities. It provides similar functionality to parse-entities but also includes support for encoding entities, which parse-entities does not offer.
html-entities
The 'html-entities' package provides methods to encode and decode HTML entities. It supports both named and numerical references and offers additional features like encoding non-ASCII characters.
parse-entities
Parse HTML character references.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Types
- Compatibility
- Security
- Related
- Contribute
- License
What is this?
This is a small and powerful decoder of HTML character references (often called entities).
When should I use this?
You can use this for spec-compliant decoding of character references. It’s small and fast enough to do that well. You can also use this when making a linter, because there are different warnings emitted with reasons for why and positional info on where they happened.
Install
This package is ESM only. In Node.js (version 14.14+, 16.0+), install with npm:
npm install parse-entities
In Deno with esm.sh:
import {parseEntities} from 'https://esm.sh/parse-entities@3'
In browsers with esm.sh:
<script type="module">
import {parseEntities} from 'https://esm.sh/parse-entities@3?bundle'
</script>
Use
import {parseEntities} from 'parse-entities'
console.log(parseEntities('alpha & bravo')))
// => alpha & bravo
console.log(parseEntities('charlie ©cat; delta'))
// => charlie ©cat; delta
console.log(parseEntities('echo © foxtrot ≠ golf 𝌆 hotel'))
// => echo © foxtrot ≠ golf 𝌆 hotel
API
This package exports the identifier parseEntities.
There is no default export.
parseEntities(value[, options])
Parse HTML character references.
options
Configuration (optional).
options.additional
Additional character to accept (string?, default: '').
This allows other characters, without error, when following an ampersand.
options.attribute
Whether to parse value as an attribute value (boolean?, default: false).
This results in slightly different behavior.
options.nonTerminated
Whether to allow nonterminated references (boolean, default: true).
For example, ©cat for ©cat.
This behavior is compliant to the spec but can lead to unexpected results.
options.position
Starting position of value (Position or Point, optional).
Useful when dealing with values nested in some sort of syntax tree.
The default is:
{line: 1, column: 1, offset: 0}
options.warning
Error handler (Function?).
options.text
Text handler (Function?).
options.reference
Reference handler (Function?).
options.warningContext
Context used when calling warning ('*', optional).
options.textContext
Context used when calling text ('*', optional).
options.referenceContext
Context used when calling reference ('*', optional)
Returns
string — decoded value.
function warning(reason, point, code)
Error handler.
Parameters
this(*) — refers towarningContextwhen given toparseEntitiesreason(string) — human readable reason for emitting a parse errorpoint(Point) — place where the error occurredcode(number) — machine readable code the error
The following codes are used:
| Code | Example | Note |
|---|---|---|
1 | foo & bar | Missing semicolon (named) |
2 | foo { bar | Missing semicolon (numeric) |
3 | Foo &bar baz | Empty (named) |
4 | Foo &# | Empty (numeric) |
5 | Foo &bar; baz | Unknown (named) |
6 | Foo € baz | Disallowed reference |
7 | Foo � baz | Prohibited: outside permissible unicode range |
function text(value, position)
Text handler.
Parameters
this(*) — refers totextContextwhen given toparseEntitiesvalue(string) — string of contentposition(Position) — place wherevaluestarts and ends
function reference(value, position, source)
Character reference handler.
Parameters
this(*) — refers toreferenceContextwhen given toparseEntitiesvalue(string) — decoded character referenceposition(Position) — place wheresourcestarts and endssource(string) — raw source of character reference
Types
This package is fully typed with TypeScript.
It exports the additional types Options, WarningHandler,
ReferenceHandler, and TextHandler.
Compatibility
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 14.14+ and 16.0+. It also works in Deno and modern browsers.
Security
This package is safe: it matches the HTML spec to parse character references.
Related
wooorm/stringify-entities— encode HTML character referenceswooorm/character-entities— info on character referenceswooorm/character-entities-html4— info on HTML4 character referenceswooorm/character-entities-legacy— info on legacy character referenceswooorm/character-reference-invalid— info on invalid numeric character references
Contribute
Yes please! See How to Contribute to Open Source.
License
FAQs
Parse HTML character references
The npm package parse-entities receives a total of 7,445,911 weekly downloads. As such, parse-entities popularity was classified as popular.
We found that parse-entities demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 13 Dec 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Research
Security News
Malicious npm Packages Use Telegram to Exfiltrate BullX Credentials
Socket uncovers an npm Trojan stealing crypto wallets and BullX credentials via obfuscated code and Telegram exfiltration.
By Kush Pandya - May 08, 2025
Research
Security News
Backdooring the IDE: Malicious npm Packages Hijack Cursor Editor on macOS
Malicious npm packages posing as developer tools target macOS Cursor IDE users, stealing credentials and modifying files to gain persistent backdoor access.
By Kirill Boychenko - May 07, 2025