entities
Encode & decode XML and HTML entities with ease & speed
Versions: 35
License: BSD-2-Clause
Install Scripts: No
Provenance: Verified
Supply chain provenance
Status for the latest visible version.
SLSA provenance attestation
npm registry signatures
gitHead linked
Maintainers: fb55
Keywords: html entities, entity decoder, entity encoding, html decoding, html encoding, xml decoding, xml encoding
Accepted risks
Findings the reviewer chose to accept rather than block on.
| Source | Rule | Reason | Accepted by | When |
|---|---|---|---|---|
| source-diff | obfuscated-file:lib/generated/encode-html.js | AI (source-diff): CJS variant of generated HTML entity encode map. Plainly readable data, not obfuscated. | ai | |
| source-diff | obfuscated-file:lib/esm/generated/encode-html.js | AI (source-diff): Generated HTML entity encode map with readable entity names. Long line due to data density, not obfuscation. | ai | |
| source-diff | obfuscated-file:lib/generated/decode-data-html.js | AI (source-diff): CJS variant of generated HTML entity decode trie data table. Same as ESM version, not obfuscated. | ai | |
| source-diff | obfuscated-file:lib/esm/generated/decode-data-html.js | AI (source-diff): Generated HTML entity decode trie data table, not obfuscated code. Comment and build script confirm generation from write-decode-map.ts. | ai | |
| source-diff | encoded-string-file:src/generated/decode-data-html.ts | AI (source-diff): Generated trie data for HTML entity decoding — core functionality of the package. Source generation scripts are included and referenced in package.json. | ai | |
| source-diff | obfuscated-file:dist/esm/generated/decode-data-html.js | AI (source-diff): ESM variant of generated HTML entity decode trie data; same as commonjs variant. | ai | |
| source-diff | obfuscated-file:dist/commonjs/generated/decode-data-html.js | AI (source-diff): Generated HTML entity decode trie data (base64-encoded Uint16Array); standard pattern for this package's core functionality. | ai | |
| source-diff | obfuscated-file:dist/commonjs/generated/encode-html.js | AI (source-diff): Generated HTML entity encode trie containing entity names like `&Tab;`, `&quot;` etc. Clearly legitimate data. | ai | |
| source-diff | obfuscated-file:dist/esm/generated/encode-html.js | AI (source-diff): ESM variant of generated HTML entity encode trie; same as commonjs variant. | ai | |
| source-diff | large-new-source-files | AI (source-diff): Major version bump (v2→v7) with dual CJS/ESM output plus source files; expected file count increase. | ai | |
| source-diff | source-size-tripled | AI (source-diff): Size increase from shipping dual CJS/ESM dist plus src; expected for this package's build setup. | ai | |
| source-diff | obfuscated-file:dist/generated/encode-html.js | AI (source-diff): Generated compact trie serialization for HTML entity encoding — core package functionality with source scripts included. | ai | |
| maintainer-change | maintainer-added | AI (maintainer-change): fb55 is the package author's GitHub handle; feedic is his email domain. Same person. | ai | |
| maintainer-change | maintainer-takeover | AI (maintainer-change): feedic and fb55 are both Felix Boehm (author email [email protected]). Migration to GitHub Actions publishing, not a takeover. | ai | |
| source-diff | obfuscated-file:src/generated/decode-data-html.ts | AI (source-diff): TypeScript source of generated decode trie data; long lines are packed lookup tables, not obfuscation. | ai | |
| source-diff | obfuscated-file:src/generated/encode-html.ts | AI (source-diff): TypeScript source of generated encode trie data; long lines are entity name strings, not obfuscation. | ai | |
| source-diff | obfuscated-file:dist/generated/decode-data-html.js | AI (source-diff): Compiled output of generated trie data for HTML entity decoding. Matching .ts source is included. | ai | |
| maintainer-change | maintainer-removed | AI (maintainer-change): feedic removed in favor of fb55; same author Felix Boehm, migrated to GH Actions publishing. | ai | |
| provenance | publisher-changed | AI (provenance): Publisher changed to GitHub Actions CI/CD with SLSA provenance; legitimate automation of the same author's releases. | ai | |
| provenance | no-provenance | AI (provenance): Package predates Sigstore provenance by many years; 188M weekly downloads and 14+ year history provide strong ecosystem trust signal. | ai | |
| semgrep | semgrep:dynamic-require | AI (semgrep): Dynamic require is used only to load local bundled JSON data files from a known subdirectory, constrained by an internal modes array. Not arbitrary user-controlled input. | ai | |
| semgrep | semgrep:base64-decode | AI (semgrep): Base64 decoding in entities is legitimate — it processes encoded data (e.g., data URIs) as part of HTML/XML entity handling. Stable false positive for this package. | ai | |
Versions (showing 35 of 35)
| Version | Deps | Published |
|---|---|---|
| 8.0.0 | 0 / 17 | |
| 7.0.1 | 0 / 19 | |
| 7.0.0 | 0 / 14 | |
| 6.0.1 | 0 / 14 | |
| 6.0.0 | 0 / 14 | |
| 5.0.0 | 0 / 14 | |
| 4.5.0 | 0 / 12 | |
| 4.4.0 | 0 / 12 | |
| 4.3.1 | 0 / 12 | |
| 4.3.0 | 0 / 12 | |
| 4.2.0 | 0 / 12 | |
| 4.1.1 | 0 / 12 | |
| 4.1.0 | 0 / 12 | |
| 4.0.0 | 0 / 12 | |
| 3.0.1 | 0 / 11 | |
| 3.0.0 | 0 / 11 | |
| 2.2.0 | 0 / 12 | |
| 2.1.0 | 0 / 12 | |
| 2.0.3 | 0 / 11 | |
| 2.0.2 | 0 / 11 | |
| 2.0.1 | 0 / 11 | |
| 2.0.0 | 0 / 14 | |
| 1.1.2 | 0 / 5 | |
| 1.1.1 | 0 / 5 | |
| 1.1.0 | 0 / 5 | |
| 1.0.0 | 0 / 5 | |
| 0.5.0 | 0 / 1 | |
| 0.4.1 | 0 / 1 | |
| 0.4.0 | 0 / 1 | |
| 0.3.0 | 0 / 1 | |
| 0.2.2 | 0 / 1 | |
| 0.2.1 | 0 / 0 | |
| 0.2.0 | 0 / 0 | |
| 0.1.1 | 0 / 0 | |
| 0.1.0 | 0 / 0 | |