Security News
pnpm 10.0.0 Blocks Lifecycle Scripts by Default
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
A really small, performant, unicode-aware library for working with Strings in Node.js.
Javascript has a serious problem with unicode. Even ES6 can’t solve the problem
entirely since some characters like the new colored emojis are three bytes
instead of two bytes. Sometimes even more! "👍🏽".length
returns 4
which is
totally wrong (hint: it should be 1!). ES6's Array.from
tried to solve this,
but that even fails: Array.from("👍🏽")
returns ["👍", "🏽"]
which is
incorrect. This library tries to tackle all these problems with a mega RegExp.
Read More Here.
$ npm install stringz --save
And import it in your awesome node app:
// ES2015+
import * as stringz from 'stringz'; // OR:
import { limit, substring, length, substr } from 'stringz';
// CommonJS
const stringz = require('stringz'); // OR:
const { limit, substr } = require('stringz');
function limit(str[, limit[, padStr[, padPosition]]])
Param | Type | Default | Description |
---|---|---|---|
str | String | none | The string to be limited |
limit | Number | 16 | Desired string length |
padStr | String | "#" | Character to pad the output with |
padPosition | String | "right" | Pad position: "right" or "left" |
// Truncate:
limit('Life’s like a box of chocolates.', 20); // "Life's like a box of"
// Pad:
limit('Everybody loves emojis!', 26, '💩'); // "Everybody loves emojis!💩💩💩"
limit('What are you looking at?', 30, '+', 'left'); // "++++++What are you looking at?"
// Unicode Aware:
limit('🤔🤔🤔', 2); // "🤔🤔"
limit('👍🏽👍🏽', 4, '👍🏽'); // "👍🏽👍🏽👍🏽👍🏽"
function length(str)
Param | Type | Default | Description |
---|---|---|---|
str | String | none | String to return the length for |
length('Iñtërnâtiônàlizætiøn☃💩'); // 22
function substring(str, start[, end])
Param | Type | Default | Description |
---|---|---|---|
str | String | none | String to be devided |
start | Number | none | Start position |
end | Number | End of string | End position |
substring('Emojis 👍🏽 are 🍆 poison. 🌮s are bad.', 7, 14); // "👍🏽 are 🍆"
function substr(str[, start[, length]])
Param | Type | Default | Description |
---|---|---|---|
str | String | none | String to be devided |
start | Number | Start of string | Start position |
length | Number | String length minus start parameter | Length of result |
substr('A.C. Milan 🇮🇹⚽️', 5, 7); // "Milan 🇮🇹"
function indexOf(str[, searchStr[, position]])
Param | Type | Default | Description |
---|---|---|---|
str | String | none | String to get index |
searchStr | String | none | String to be searched |
position | Number | 0 | Start of searching |
indexOf('Emojis 👍🏽 are 🍆 poison. 🌮s are bad.', 'are'); // 9
indexOf('Emojis 👍🏽 are 🍆 poison. 🌮s are bad.', 'are', 10); // 26
function toArray(str)
Param | Type | Default | Description |
---|---|---|---|
str | String | none | String to convert to array |
toArray('👍🏽🍆🌮'); // ['👍🏽', '🍆', '🌮']
$ npm test
This library scores high in a length benchmark (it's intended usage) and should be fast for most use case.
Stringz .length (accurate) x 861,039 ops/sec ±1.57% (84 runs sampled)
Lodash .toArray (accurate) x 795,108 ops/sec ±2.13% (82 runs sampled)
Emoji Aware .split (inaccurate) x 2,269 ops/sec ±1.38% (85 runs sampled)
Spliddit .length (inaccurate) x 487,718 ops/sec ±2.21% (83 runs sampled)
UTF8 Length (inaccurate) x 232,918 ops/sec ±1.02% (87 runs sampled)
Fastest is Stringz .length
To run benchmarks yourself:
$ cd ./benchmark
$ npm install
$ node run.js
This software is released under the MIT License.
FAQs
Zero-dependency unicode-aware string tools
We found that stringz demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
pnpm 10 blocks lifecycle scripts by default to improve security, addressing supply chain attack risks but sparking debate over compatibility and workflow changes.
Product
Socket now supports uv.lock files to ensure consistent, secure dependency resolution for Python projects and enhance supply chain security.
Research
Security News
Socket researchers have discovered multiple malicious npm packages targeting Solana private keys, abusing Gmail to exfiltrate the data and drain Solana wallets.