npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

astro-noemail

v1.0.0

Published

Prevents email address harvesting by obfuscating emails in generated Astro HTML and SSR responses

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hatfieldaaronhatfieldaaron

Keywords

withastroastro-integrationsecurityemailspamscrapingstatic-site

Readme

astro-noemail

Build-time and SSR email address obfuscation for Astro

astro-noemail is a tiny Astro integration that protects email addresses from basic scrapers by converting them into HTML entities during build and for on-demand SSR responses.

There is:

  • no JavaScript at runtime
  • no hydration
  • no DOM mutation in the browser
  • no adapter dependency

Just safer HTML.

Why this exists

Email addresses published in plain HTML are routinely harvested by simple bots.

Most solutions rely on:

  • JavaScript obfuscation
  • runtime DOM rewriting
  • client-side decoding

These approaches:

  • increase page weight
  • break with JS disabled
  • add unnecessary complexity

astro-noemail solves this during rendering and build output, and produces cache-safe output.

Supported rendering modes

This plugin works across:

  • static/prerendered pages
  • hybrid sites with both prerendered and on-demand SSR routes
  • full SSR sites

For client-only rendering, the plugin can only obfuscate email addresses that appear in the HTML Astro sends from the server. Content created later in the browser by client-side JavaScript is outside its scope.

| Mode | Supported | Notes | | --- | --- | --- | | Static / prerendered | Yes | Obfuscates generated .html files during build | | Hybrid | Yes | Obfuscates prerendered pages and SSR responses | | Full SSR | Yes | Obfuscates HTML responses through Astro middleware | | Client-only rendering | Partial | Only server-rendered HTML is processed; browser-created content is not |

What it does

On astro build, the plugin:

  • scans generated .html files in the output directory
  • rewrites HTML responses for SSR pages through Astro middleware
  • finds plain-text email addresses
  • replaces them with numeric HTML entities

Example:

[email protected]

becomes:

info@velohost.co.uk

Browsers render this normally, but basic scrapers do not.

What it does NOT do

This plugin deliberately does not:

  • inject JavaScript into the browser
  • parse the DOM
  • modify Astro source files
  • touch files outside the build output
  • expose environment variables
  • interfere with adapters or rendering

It operates only on HTML responses, not on client-side JavaScript.

Safety guarantees

The obfuscation logic is hardened to:

  • skip <script>, <style>, and <noscript> blocks
  • avoid double-encoding existing HTML entities
  • only mutate files when a change is required
  • never crash or fail a build

Astro-specific HTML rewriting is respected.

Installation

npm install astro-noemail

Usage

Add the integration to your Astro config:

import { defineConfig } from "astro/config";
import astroNoEmail from "astro-noemail";

export default defineConfig({
  integrations: [
    astroNoEmail()
  ]
});

That’s it.

No configuration is required.

The public TypeScript types are exported from the main entrypoint, including NoEmailOptions.

Optional configuration

Disable the plugin

astroNoEmail({
  enabled: false
})

This can be useful for local testing or special builds.

Disable SSR rewriting

astroNoEmail({
  ssr: false
})

This keeps the build-time HTML rewrite on, but skips middleware rewriting for on-demand SSR responses.

Mailto links

Email addresses inside visible text and mailto: links are obfuscated.

The links continue to function normally in browsers.

<noscript> behaviour

Astro may rewrite <noscript> content during compilation.

If an email address is moved outside of a <noscript> block by Astro itself, it will be treated as normal HTML text and obfuscated.

This behaviour is intentional and considered safe.

CDN & caching

Because all changes are static:

  • output can be cached aggressively
  • the plugin works behind any CDN
  • Cloudflare, Netlify, Vercel, S3, and similar platforms are fully supported

Failure behaviour

If a file cannot be processed:

  • the error is logged
  • the build continues
  • the site is not broken

The plugin must never block a deployment.

License

MIT License

Copyright (c) 2026 Velohost UK Limited

Author

Built and maintained by Velohost

Website: https://velohost.co.uk/

Project page: https://velohost.co.uk/plugins/astro-noemail/