Product
Introducing Reports: An Extensible Reporting Framework for Socket Data
Explore exportable charts for vulnerabilities, dependencies, and usage with Reports, Socket’s new extensible reporting framework.
By André Staltz - Apr 21, 2026
Launch Week Day 1: Socket for Jira Is Now Available.Learn More →
punycode
A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.
Punycode.js 
Punycode.js is a robust Punycode converter that fully complies to RFC 3492 and RFC 5891.
This JavaScript library is the result of comparing, optimizing and documenting different open-source implementations of the Punycode algorithm:
- The C example code from RFC 3492
punycode.cby Markus W. Scherer (IBM)punycode.cby Ben Noordhuis- JavaScript implementation by some
punycode.jsby Ben Noordhuis (note: not fully compliant)
This project was bundled with Node.js from v0.6.2+ until v7 (soft-deprecated).
This project provides a CommonJS module that uses ES2015+ features and JavaScript module, which work in modern Node.js versions and browsers. For the old Punycode.js version that offers the same functionality in a UMD build with support for older pre-ES2015 runtimes, including Rhino, Ringo, and Narwhal, see v1.4.1.
Installation
Via npm:
npm install punycode --save
In Node.js:
⚠️ Note that userland modules don't hide core modules. For example,
require('punycode')still imports the deprecated core module even if you executednpm install punycode. Userequire('punycode/')to import userland modules rather than core modules.
const punycode = require('punycode/');
API
punycode.decode(string)
Converts a Punycode string of ASCII symbols to a string of Unicode symbols.
// decode domain name parts
punycode.decode('maana-pta'); // 'mañana'
punycode.decode('--dqo34k'); // '☃-⌘'
punycode.encode(string)
Converts a string of Unicode symbols to a Punycode string of ASCII symbols.
// encode domain name parts
punycode.encode('mañana'); // 'maana-pta'
punycode.encode('☃-⌘'); // '--dqo34k'
punycode.toUnicode(input)
Converts a Punycode string representing a domain name or an email address to Unicode. Only the Punycoded parts of the input will be converted, i.e. it doesn’t matter if you call it on a string that has already been converted to Unicode.
// decode domain names
punycode.toUnicode('xn--maana-pta.com');
// → 'mañana.com'
punycode.toUnicode('xn----dqo34k.com');
// → '☃-⌘.com'
// decode email addresses
punycode.toUnicode('джумла@xn--p-8sbkgc5ag7bhce.xn--ba-lmcq');
// → 'джумла@джpумлатест.bрфa'
punycode.toASCII(input)
Converts a lowercased Unicode string representing a domain name or an email address to Punycode. Only the non-ASCII parts of the input will be converted, i.e. it doesn’t matter if you call it with a domain that’s already in ASCII.
// encode domain names
punycode.toASCII('mañana.com');
// → 'xn--maana-pta.com'
punycode.toASCII('☃-⌘.com');
// → 'xn----dqo34k.com'
// encode email addresses
punycode.toASCII('джумла@джpумлатест.bрфa');
// → 'джумла@xn--p-8sbkgc5ag7bhce.xn--ba-lmcq'
punycode.ucs2
punycode.ucs2.decode(string)
Creates an array containing the numeric code point values of each Unicode symbol in the string. While JavaScript uses UCS-2 internally, this function will convert a pair of surrogate halves (each of which UCS-2 exposes as separate characters) into a single code point, matching UTF-16.
punycode.ucs2.decode('abc');
// → [0x61, 0x62, 0x63]
// surrogate pair for U+1D306 TETRAGRAM FOR CENTRE:
punycode.ucs2.decode('\uD834\uDF06');
// → [0x1D306]
punycode.ucs2.encode(codePoints)
Creates a string based on an array of numeric code point values.
punycode.ucs2.encode([0x61, 0x62, 0x63]);
// → 'abc'
punycode.ucs2.encode([0x1D306]);
// → '\uD834\uDF06'
punycode.version
A string representing the current Punycode.js version number.
For maintainers
How to publish a new release
-
On the
mainbranch, bump the version number inpackage.json:npm version patch -m 'Release v%s'Instead of
patch, useminorormajoras needed.Note that this produces a Git commit + tag.
-
Push the release commit and tag:
git push && git push --tagsOur CI then automatically publishes the new release to npm, under both the
punycodeandpunycode.jsnames.
Author
 |
|---|
| Mathias Bynens |
License
Punycode.js is available under the MIT license.
Other packages similar to punycode
idna-uts46-hx
A library that implements IDNA (Internationalized Domain Names in Applications) to Punycode conversion using the latest Unicode version. It's similar to punycode but follows the IDNA 2008 protocol, which is more up-to-date compared to the IDNA 2003 protocol that punycode follows.
FAQs
A robust Punycode converter that fully complies to RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms.
The npm package punycode receives a total of 109,470,886 weekly downloads. As such, punycode popularity was classified as popular.
We found that punycode demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Package last updated on 30 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket for Jira Is Now Available
Socket for Jira lets teams turn alerts into Jira tickets with manual creation, automated ticketing rules, and two-way sync.
By Jeppe Hasseriis - Apr 20, 2026
Company News
Socket Named Top Sales Organization by RepVue
Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.
By Sarah Gooding - Apr 17, 2026