Research
Security News
Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Add or remove backslashes (escape or unescape).
import { addSlashes, removeSlashes } from 'slashes';
addSlashes(`foo\nbar`); // "foo\\nbar"
removeSlashes(`foo\\nbar`); // "foo\nbar"
By default, addSlashes
will escape (encode) the following characters.
\b
)\f
)\n
)\r
)\t
)\v
)\0
)"
)\
)const escaped = addSlashes(`\n`); // "\\n"
The default character set are characters which cannot be used between double quotes in a JSON string.
const validJsonString = `{ "key": "${escaped}" }`;
Escape encoding can be customized using the getEscaped
option.
The following is the default, equivalent to not setting the getEscaped
option.
import { getEscapedJsonUnsafe } from 'slashes';
addSlashes('...', { getEscaped: getEscapedJsonUnsafe });
Included getEscaped
implementations:
getEscapedJsonUnsafe
- (Default) Encode characters which cannot be used between double quotes in a JSON string.getEscapedAny
- Encode ANY character to a single letter (eg. \n
) or an ES5 Unicode (eg. \u0100
) escape sequence.A custom getEscaped
receives one character (may be Unicode > 2 bytes) at a time. It can return true
to use the standard escape sequence, false
to not escape the character, or a string to provide a custom escape sequence (must begin with a backslash and be at least 2 characters long).
getEscaped(character: string): boolean | `\\${string}`
Be default, removeSlashes
will unescape (decode) all Javascript escape sequences.
// Handles letter escapes
removeSlashes(`\\n`); // "\n"
// Handles ES6 Unicode Code Point escapes
removeSlashes('\\u{a}'); // "\n"
// Handles ES5 Unicode escapes
removeSlashes('\u000a'); // "\n"
// Handles hex escapes
removeSlashes('\x0a'); // "\n"
// Handles octal escapes
removeSlashes('\12'); // "\n"
// Handles any other backslash sequence by removing the leading slash
removeSlashes(`\\a`); // "a"
Although it should generally not be necessary because all escapes are handled by default, escape decoding can be customized using the getUnescaped
option.
The following is the default, equivalent to not setting the getUnescaped
option.
import { getUnescapedAny } from 'slashes';
removeSlashes('...', { getUnescaped: getUnescapedAny });
Included getUnescaped
implementations:
getUnescapedAny
- Decode ANY Javascript supported escape sequence.A custom getUnescaped
implementation receives the escape sequence as the first argument, and the escape sequence code point number or null
(for single letter escape sequences) as the second argument. It can return true
to use the standard decoding, false
to treat the sequence as invalid (only removes the leading backslash), or a string (non-zero length) to provide a custom decoded value for the escape sequence.
getUnescaped(sequence: `\\${string}`, code: number | null): boolean | string
FAQs
Add or remove backslashes (escape or unescape).
We found that slashes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.