npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@valentech/normalize-string

v1.0.2

Published

---

Downloads

10

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

valentechvalentech

Keywords

Readme

normalize-string

Universal String Normalization & Sanitization for Security-Hardened Applications

⚠️ WARNING — READ FIRST ⚠️

This library provides robust, composable, and battle-tested normalization helpers for user input.

Normalization is NOT validation.
Normalization is NOT output escaping.

This library is designed to prepare untrusted input for validation, storage, and later context-specific output encoding (like HTML escaping, SQL parameterization, etc.).

Use this library before your validation layer to clean and standardize user input.
It removes hidden, obfuscated, dangerous characters — but does not validate format correctness.

What does it do?

  • Strips control & zero-width characters
  • Normalizes Unicode (prevents homoglyph attacks)
  • Optionally forces ASCII-only output
  • Optional emoji removal
  • Optional whitespace handling
  • Optional bidirectional character removal
  • Enforces safe length limits
  • Preserves user intent unless dangerous
  • Provides specialized helpers for common types like email, username, slug, URL, phone, search query, filename, comment

Options Interface

export interface NormalizeInputOptions {
  trim?: boolean; // Remove leading/trailing whitespace (default: true)
  removeControlChars?: boolean; // Remove invisible control characters (default: true)
  removeZeroWidth?: boolean; // Remove zero-width characters (default: true)
  normalizeUnicode?: "NFC" | "NFD" | "NFKC" | "NFKD" | false; // Unicode normalization form (default: "NFC")
  toLowerCase?: boolean; // Convert to lowercase (default: false)
  asciiOnly?: boolean; // Remove non-ASCII characters (default: false)
  removeEmojis?: boolean; // Remove emojis (default: false)
  removeWhitespace?: boolean; // Remove all whitespaces (default: false)
  collapseWhitespace?: boolean; // Collapse multiple whitespaces to a single space (default: false)
  removeWhitespace?: boolean; // Remove all whitespace (default: false)
  removeDirectionOverrides?: boolean; // Remove bidirectional override characters (default: false)
  preserveNewlines?: boolean; // Keep \n and \r while removing other control characters (default: false)
  maxLength?: number | null; // Truncate to max length if specified (default: null)
}

Usage Examples

import {
  normalizeEmail,
  normalizeUsername,
  normalizeSlug,
  normalizeSearchQuery,
  normalizePhone,
  normalizeURL,
  normalizeFilename,
  normalizeComment,
} from "@valentech/normalize-string";

normalizeEmail

normalizeEmail("   EXAMPLE@GMAIL.com​  ");
// → "[email protected]"

normalizeUsername

normalizeUsername("   𝗐𝗲𝗬
𝗲𝗬  ")
// → "𝗐𝗲𝗬𝗲𝗬"

normalizeSlug

normalizeSlug("Best   Offer 💣 2025!");
// → "best-offer-2025"

normalizeSearchQuery

normalizeSearchQuery(" Best   🦡 Price EVER ");
// → "best 🦡 price ever"

normalizePhone

normalizePhone("+49 (0) 123 / 456-7890", "DE");
// → "+491234567890"

normalizeURL

normalizeURL("   https://example.com/ path  ‮ ");
// → "https://example.com/path"

normalizeFilename

normalizeFilename("../../../My Résumé💾pdf");
// → "My_Resume.pdf"

normalizeComment

normalizeComment("Great   product!​‌\nHighly recommended.");
// → "Great product! Highly recommended."

Install

npm install @valentech/normalize-string
yarn add @valentech/normalize-string

Final Note

Always combine normalization → validation → context-escaping.

This library cleans input.
It does not validate correctness.
It does not prevent XSS or SQLi unless paired with proper output escaping.

→ Normalize to make input sane.
→ Validate to ensure input shape.
→ Escape to ensure output safety.

License

MIT