
string-to-template-literal
🔠 Like JSON.stringify(), but returns a template string
📄 Escapes </script> sequences; safe to inject into <script> tags
🤩 Great for encoding text for embedding in JavaScript source text
🤏 It's tiny; only 5 lines of code!
📦 Slightly more space-efficient than JSON.stringify()
You can install this package using npm, pnpm, Yarn, or your favorite npm package manager.
npm install string-to-template-literal
You can also import this package straight from an npm CDN if you're in your browser using native ES modules:
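// Pick one CDN; the package's default export is the function.
import stringToTemplateLiteral from "https://esm.run/string-to-template-literal@^3.0.0";
// or, from esm.sh:
import stringToTemplateLiteral from "https://esm.sh/string-to-template-literal@^3.0.0";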
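/** @param {string} x */
function stringToTemplateLiteral(x = "") {
  // Coerce any input to a string.
  x = `${x}`;
  // Backslash-escape \, `, the $ of "${", and the / of "</".
  const escaped = x.replace(/\\|`|\$(?={)|(?<=<)\//g, (y) => "\\" + y);
  // Wrap the result in backticks to form a template literal.
  return `\`${escaped}\``;
}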
👩‍⚖️ This code is licensed under the 0BSD license so you don't need to include any license text. 😉
The stringToTemplateLiteral() function returns a wrapped string that is compatible with eval(), embedding in <script> tags, and embedding in .js files.
import { readFile } from "node:fs/promises";
import stringToTemplateLiteral from "string-to-template-literal";

// Running in some serverless runtime like
// Vercel, Deno Deploy, AWS Lambda, etc.
async function handleIndexHTML(request) {
  const hamlet = await readFile("hamlet.txt", "utf8");
  // Encode the file as a template literal inside a JavaScript statement.
  const js = `console.log(${stringToTemplateLiteral(hamlet)})`;
  const html = `
    <p>Check your DevTools console for Hamlet!</p>
    <script>${js}</script>
  `;
  return new Response(html);
}
The best example of when you might want to use this package is when creating a source code string that you want to embed in your JavaScript application as raw text. Think something like a bundler that needs to embed a .txt file into a JavaScript source file or a dynamic HTML page that needs to inject some text into a <script> tag. You could use JSON.stringify() in all these cases, but your text may become unreadable to humans since JSON.stringify() forces everything on one line with lots of escapes that are not needed when using `template strings`.
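An added example (not part of the package's README) that evaluates the function's output for constructed inputs and scans it for sequences that matter inside a <script> element. It goes slightly beyond the page: `<!--` and `<script` come from the HTML standard's restrictions on script content and are not touched by the regex above, and template literals normalize CR and CRLF to LF when evaluated. The helper names `evaluateLiteral`, `roundTrips`, `scriptHazards` and the `SAMPLES` inputs are made up for this illustration.

```javascript
// Reproduced from the page so that this block runs on its own.
function stringToTemplateLiteral(x = "") {
  x = `${x}`;
  const escaped = x.replace(/\\|`|\$(?={)|(?<=<)\//g, (y) => "\\" + y);
  return `\`${escaped}\``;
}

// Hypothetical helper: evaluate the literal as JavaScript source.
function evaluateLiteral(literal) {
  return new Function(`return ${literal};`)();
}

// Hypothetical helper: true when evaluating the literal gives back the input.
function roundTrips(text) {
  return evaluateLiteral(stringToTemplateLiteral(text)) === text;
}

// Hypothetical helper: list the sequences that the HTML standard restricts
// inside <script> content and that are still present in `source`.
function scriptHazards(source) {
  const found = [];
  if (/<\/script/i.test(source)) found.push("</script");
  if (/<!--/.test(source)) found.push("<!--");
  if (/<script/i.test(source)) found.push("<script");
  return found;
}

// Constructed sample inputs (not taken from the page).
const SAMPLES = {
  closer: "a </script><p>b", // "</" becomes "<\/"
  interpolation: "cost: ${price} `quoted` C:\\temp", // ${, ` and \ are escaped
  comment: "<!-- <script> -->", // passes through the regex unchanged
  crlf: "line1\r\nline2", // evaluates to "line1\nline2"
};

for (const [name, text] of Object.entries(SAMPLES)) {
  const literal = stringToTemplateLiteral(text);
  console.log(name, roundTrips(text), scriptHazards(literal));
}
```

Text that `scriptHazards` flags, or that must keep its carriage returns, needs a different encoding before it goes into inline script.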
FAQs
The npm package string-to-template-literal receives a total of 4,511 weekly downloads. As such, string-to-template-literal popularity was classified as popular.
We found that string-to-template-literal demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.