Security News
New CVE Forecasting Tool Predicts 47,000 Disclosures in 2025
CVEForecast.org uses machine learning to project a record-breaking surge in vulnerability disclosures in 2025.
By Sarah Gooding - Jul 07, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
string-escape-map
Advanced tools
node-string-escape-map
Escape a given map of special characters
Installation
npm install string-escape-map
Usage
//const stringEscape = require ('string-escape-map') // v.1.x.x � CommonJS
import stringEscape from 'string-escape-map' // v.2.x.x � ES6 module
// initialization
const MY_ESC = new stringEscape ([
['\t', '\\t'],
['\n', '\\n'],
[ "'", "''"],
])
// possible later adjustment
MY_ESC.set ('\r', '')
// run time usage
const unsafeString = `Don't
you?`
const safeString = MY_ESC.escape (unsafeString)
Details
Constructor
The class provided by string-escape-map is derived from Map and shares its constructor argument format: if set, it must be an iterable of key-value pairs.
Additional restrictions on input are same as for the set method (see below).
Methods
set
The standard set method is overloaded to effectively store char codes to safe substring mapping. So:
keyandvaluemust be (primitive)strings;keymust be a single character string.
Under the hood, the key parameter is subject to charCodeAt.
Other than registering a map entry, it sets escape1 or escapeN as this.escape method.
escape
This method executes the module's main task: replaces all the characters in question with their safe representations
const safeString = MY_ESC.escape (unsafeString)
Parameter
unsafeString must be a primitive string.
null, undefined etc. values cause errors.
Zero length strings are allowed.
Return value
A primitive string with all occurrences of each character previously set replaced with corresponding substrings.
escapeN
This method is used as escape in case when more than one entry is set in this map. It scans through unsafeString, detect unsafe chars with charCodeAt and concatenates the result from safe slices glued with replacement strings from this Map.
escape1
This method is used as escape when only one unsafe character is known, so this works as replaceAll. The unsafeString is scanned with indexOf, the result is assembled from the slices detected.
Implementation notes
No replace nor replaceAll method is used.
No regular expression is constructed.
The given string is scanned with charCodeAt (which is significantly faster and more memory efficient than charAt).
If no unsafe character is ever found, the argument is passed through untouched, without creating any temporary object at all.
Otherwise, the resulting string is created by concatenating complete safe slices with replacement substrings for unsafe chars.
Keywords
FAQs
Escape a given map of special characters
The npm package string-escape-map receives a total of 319 weekly downloads. As such, string-escape-map popularity was classified as not popular.
We found that string-escape-map demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 05 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Browserslist-rs Gets Major Refactor, Cutting Binary Size by Over 1MB
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
By Sarah Gooding - Jul 04, 2025
Research
Security News
8 More Malicious Firefox Extensions: Exploiting Popular Game Recognition, Hijacking User Sessions, and Stealing OAuth Credentials
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
By Kush Pandya - Jul 04, 2025