
string-to-template-literal
- Like JSON.stringify(), but returns a template string
- Escapes </script> sequences; safe to inject into <script> tags
- Great for encoding text for embedding in JavaScript source text
- It's tiny; only 5 lines of code!
- Slightly more space-efficient than JSON.stringify()
You can install this package using npm, pnpm, Yarn, or your favorite npm package manager.
npm install string-to-template-literal
You can also import this package straight from an npm CDN if you're in your browser using native ES modules:
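    // Pick one CDN:
    import stringToTemplateLiteral from "https://esm.run/string-to-template-literal@^3.0.0";
    // import stringToTemplateLiteral from "https://esm.sh/string-to-template-literal@^3.0.0";

    /** @param {string} x */
    function stringToTemplateLiteral(x = "") {
      // Coerce any input to a string first.
      x = `${x}`;
      // Escape backslashes, backticks, "$" when followed by "{", and "/" when preceded by "<".
      const escaped = x.replace(/\\|`|\$(?={)|(?<=<)\//g, (y) => "\\" + y);
      // Wrap the escaped text in backticks so the result is a template literal.
      return `\`${escaped}\``;
    }

This code is licensed under the 0BSD license so you don't need to include any license text.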
The stringToTemplateLiteral() function returns a wrapped string that is compatible with eval(), embedding in <script> tags, and embedding in .js files.
    import { readFile } from "node:fs/promises";
    import stringToTemplateLiteral from "string-to-template-literal";

    // Running in some serverless runtime like
    // Vercel, Deno Deploy, AWS Lambda, etc.
    async function handleIndexHTML(request) {
      const hamlet = await readFile("hamlet.txt", "utf8");
      // The file text becomes a template literal inside the generated script.
      const js = `console.log(${stringToTemplateLiteral(hamlet)})`;
      const html = `
        <p>Check your DevTools console for Hamlet!</p>
        <script>${js}</script>
      `;
      return new Response(html);
    }
The best example of when you might want to use this package is when creating a source code string that you want to embed in your JavaScript application as raw text. Think something like a bundler that needs to embed a .txt file into a JavaScript source file or a dynamic HTML page that needs to inject some text into a <script> tag. You could use JSON.stringify() in all these cases, but your text may become unreadable to humans since JSON.stringify() forces everything on one line with lots of escapes that are not needed when using `template strings`.
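The escaping rules above, checked on constructed input. This is an added example, not part of the package's README: it copies the page's function, confirms the literal evaluates back to the original text, and compares it with JSON.stringify() output for a script end tag. The names closesScriptElement and audit and the sample text are hypothetical, introduced here.

```javascript
// The page's function, copied unchanged so this block runs stand-alone.
function stringToTemplateLiteral(x = "") {
  x = `${x}`;
  const escaped = x.replace(/\\|`|\$(?={)|(?<=<)\//g, (y) => "\\" + y);
  return `\`${escaped}\``;
}

// Hypothetical helper: true if the HTML tokenizer would end a <script>
// element somewhere inside this JavaScript source text.
function closesScriptElement(jsSource) {
  return /<\/script[\t\n\f\r \/>]/i.test(jsSource);
}

// Hypothetical helper: compare both encodings of the same text.
function audit(text) {
  const literal = stringToTemplateLiteral(text);
  const json = JSON.stringify(text);
  return {
    literal,
    // Indirect eval parses the literal as a standalone expression.
    roundTrips: (0, eval)(literal) === text,
    literalClosesScript: closesScriptElement(literal),
    jsonClosesScript: closesScriptElement(json),
  };
}

// Constructed sample: one line per character sequence the regex handles,
// plus a "$" that must stay untouched because no "{" follows it.
const sample = [
  "path C:\\temp\\new",
  "code `inline` and ${1 + 1}",
  "</SCRIPT ><b>markup</b>",
  "price: $5 {not interpolation}",
].join("\n");

const report = audit(sample);
console.log(report.literal);
console.log(report);
```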
FAQs
The npm package string-to-template-literal receives a total of 3,914 weekly downloads. As such, string-to-template-literal popularity was classified as popular.
We found that string-to-template-literal demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.