striptags - npm Package Compare versions

Comparing version 3.1.1 to 4.0.0-alpha.0

package.json

 {
-  "name": "striptags",
-  "description": "PHP strip_tags in Node.js",
-  "license": "MIT",
-  "author": "Eric Norris (https://github.com/ericnorris)",
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/ericnorris/striptags.git"
-  },
-  "main": "src/striptags.js",
-  "homepage": "https://github.com/ericnorris/striptags",
-  "bugs": "https://github.com/ericnorris/striptags/issues",
-  "version": "3.1.1",
-  "devDependencies": {
-    "istanbul": "^0.4.5",
-    "mocha": "^3.2.0"
-  },
-  "keywords": [
-    "striptags",
-    "strip_tags",
-    "html",
-    "strip",
-    "tags"
-  ],
-  "typings": "index.d.ts",
-  "scripts": {
-    "test": "mocha",
-    "coverage": "istanbul cover _mocha -- -R spec"
-  }
+    "name": "striptags",
+    "description": "PHP's strip_tags in Javascript",
+    "license": "MIT",
+    "author": "Eric Norris (https://github.com/ericnorris)",
+    "repository": {
+        "type": "git",
+        "url": "https://github.com/ericnorris/striptags.git"
+    },
+    "homepage": "https://github.com/ericnorris/striptags",
+    "bugs": "https://github.com/ericnorris/striptags/issues",
+    "version": "4.0.0-alpha.0",
+    "keywords": [
+        "striptags",
+        "strip_tags",
+        "html",
+        "strip",
+        "tags"
+    ],
+    "main": "dist/cjs/striptags.js",
+    "module": "dist/es6/striptags.js",
+    "types": "dist/es6/striptags.d.ts",
+    "files": [
+        "dist/"
+    ],
+    "devDependencies": {
+        "@rollup/plugin-typescript": "^6.1.0",
+        "@types/jest": "^26.0.15",
+        "@typescript-eslint/eslint-plugin": "^4.8.1",
+        "@typescript-eslint/parser": "^4.8.1",
+        "eslint": "^7.14.0",
+        "eslint-plugin-prettier": "^3.1.4",
+        "jest": "^26.6.1",
+        "prettier": "^2.2.0",
+        "rollup": "^2.33.3",
+        "ts-jest": "^26.4.3",
+        "tslib": "^2.0.3",
+        "typescript": "^4.0.5"
+    },
+    "scripts": {
+        "test": "jest",
+        "lint": "eslint .",
+        "prepublishOnly": "eslint . && rollup -c"
+    }
 }

README.md

@@ -1,16 +0,12 @@
-# striptags [![Build Status](https://travis-ci.org/ericnorris/striptags.svg)](https://travis-ci.org/ericnorris/striptags)
-An implementation of PHP's [strip_tags](http://www.php.net/manual/en/function.strip-tags.php) in Node.js.
+# striptags (WIP)
 
-**Note:** `v3+` targets ES6, and is therefore incompatible with the master branch of `uglifyjs`. You can either:
-- use `babili`, which supports ES6
-- use the `harmony` branch of `uglifyjs`
-- stick with the [2.x.x](https://github.com/ericnorris/striptags/tree/v2.x.x) branch
+An implementation of PHP's [strip_tags](https://www.php.net/manual/en/function.strip-tags.php) in Typescript.
 
-## Features
-- Fast
-- Zero dependencies
-- 100% test code coverage
-- No unsafe regular expressions
+## Highlights
 
+- No dependencies
+- Prevents XSS by default
+
 ## Installing
+
 ```
@@ -21,71 +17,68 @@ npm install striptags
 ## Basic Usage
-```javascript
-striptags(html, allowed_tags, tag_replacement);
+
+```typescript
+// commonjs format
+striptags(text: string, options?: Partial<StateMachineOptions>): string;
 ```
 
-### Example
+### Examples
+
 ```javascript
-var striptags = require('striptags');
+// commonjs format
+const striptags = require("striptags").striptags;
 
-var html =
-    '<a href="https://example.com">' +
-        'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +
-    '</a>';
+// alternatively:
+// import { striptags } from "striptags";
 
-striptags(html);
-striptags(html, '<strong>');
-striptags(html, ['a']);
-striptags(html, [], '\n');
+var html = `
+<a href="https://example.com">lorem ipsum <strong>dolor</strong> <em>sit</em> amet</a>
+`.trim();
+
+console.log(striptags(html));
+console.log(striptags(html, {allowedTags: new Set(["strong"])}));
+console.log(striptags(html, {tagReplacementText: "🍩"}));
 ```
 
 Outputs:
-```
-'lorem ipsum dolor sit amet'
-```
 
 ```
-lorem ipsum <strong>dolor</strong> sit amet'
+lorem ipsum dolor sit amet
+lorem ipsum <strong>dolor</strong> sit amet
+🍩lorem ipsum 🍩dolor🍩 🍩sit🍩 amet🍩
 ```
 
-```
-'<a href="https://example.com">lorem ipsum dolor sit amet</a>'
-```
+## Advanced Usage
 
+```typescript
+class StateMachine {
+    constructor(partialOptions?: Partial<StateMachineOptions>);
+    consume(text: string): string;
+}
 ```
 
-lorem ipsum
-dolor
- sit amet
-```
+The `StateMachine` class is similar to the `striptags` function, but persists state across calls to `consume()` so that you may safely pass in a stream of text. For example:
 
-## Streaming Mode
-`striptags` can also operate in streaming mode. Simply call `init_streaming_mode` to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in.
-
 ```javascript
-let stream_function = striptags.init_streaming_mode(
-    allowed_tags,
-    tag_replacement
-);
+const StateMachine = require("striptags").StateMachine;
 
-let partial_text = stream_function(partial_html);
-let more_text    = stream_function(more_html);
-```
+// alternatively:
+// import { StateMachine } from "striptags";
 
-Check out [test/striptags-test.js](test/striptags-test.js) for a concrete example.
+const instance = new StateMachine();
 
-## Tests
-You can run tests (powered by [mocha](http://mochajs.org/)) locally via:
+console.log(
+  instance.consume("some text with <a") + instance.consume("tag>and more text")
+);
 ```
-npm test
-```
 
-Generate test coverage (powered by [istanbul](https://github.com/gotwarlost/istanbul)) via :
+Outputs:
+
 ```
-npm run coverage
+some text with and more text
 ```
 
+## Options
 
-## Doesn't use regular expressions
-`striptags` does not use any regular expressions for stripping HTML tags.
-
-Regular expressions are not capable of preventing all possible scripting attacks (see [this](http://stackoverflow.com/a/535022)). Here is a [great StackOverflow answer](http://stackoverflow.com/a/5793453) regarding how strip_tags (**when used without specifying allowableTags**) is not vulnerable to scripting attacks.
+* `allowedTags: Set<string>` a set containing a list of tag names to allow (e.g. `new Set(["tagname"])`), default: `new Set([])`.
+* `tagReplacementText: string` a string to use as replacement text when a tag is found and not allowed, default: `""`.
+* `encodePlaintextTagDelimiters: boolean` true if `<` and `>` characters immediately followed by whitespace should be HTML encoded, default: `true`. This is safe to set to `false` if the output is expected to be used only as plaintext.

New alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

No v1

Quality

Package is not semver >=1. This means it is not stable and does not support ^ ranges.

Found 1 instance in 1 package

Fixed alerts

Debug access

Supply chain risk

Uses debug, reflection and dynamic code execution features.

Found 1 instance in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

17610

increased by0.22%

Lines of code

388

increased by12.46%

Number of low supply chain risk alerts

0

decreased by-100%

Worsened metrics

Dev dependency count

12

increased by500%

Number of package files

7

decreased by-22.22%

Number of low quality alerts

1

increased byInfinity%

Number of lines in readme file

84

decreased by-7.69%

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes