npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

astro-noemail

v0.1.0

Published

Prevents email address harvesting by obfuscating emails in generated Astro HTML at build time

Downloads

63

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

hatfieldaaronhatfieldaaron

Keywords

withastroastro-integrationsecurityemailspamscrapingstatic-site

Readme

astro-noemail

Build-time email address obfuscation for Astro

astro-noemail is a tiny, static-first Astro integration that protects email addresses from basic scrapers by converting them into HTML entities at build time.

There is:

  • no JavaScript at runtime
  • no hydration
  • no DOM mutation in the browser
  • no adapter dependency

Just safer HTML.

Why this exists

Email addresses published in plain HTML are routinely harvested by simple bots.

Most solutions rely on:

  • JavaScript obfuscation
  • runtime DOM rewriting
  • client-side decoding

These approaches:

  • increase page weight
  • break with JS disabled
  • add unnecessary complexity

astro-noemail solves this once, during the build, and produces static, cache-safe output.

What it does

On astro build, the plugin:

  • scans generated .html files in the output directory
  • finds plain-text email addresses
  • replaces them with numeric HTML entities

Example:

[email protected]

becomes:

info@velohost.co.uk

Browsers render this normally, but basic scrapers do not.

What it does NOT do

This plugin deliberately does not:

  • run at runtime
  • inject JavaScript
  • parse the DOM
  • modify Astro source files
  • touch files outside the build output
  • expose environment variables
  • interfere with adapters or rendering

It operates only on final HTML output.

Safety guarantees

The obfuscation logic is hardened to:

  • skip <script>, <style>, and <noscript> blocks
  • avoid double-encoding existing HTML entities
  • only mutate files when a change is required
  • never crash or fail a build

Astro-specific HTML rewriting is respected.

Installation

npm install astro-noemail

Usage

Add the integration to your Astro config:

import { defineConfig } from "astro/config";
import astroNoEmail from "astro-noemail";

export default defineConfig({
  integrations: [
    astroNoEmail()
  ]
});

That’s it.

No configuration is required.

Optional configuration

Disable the plugin

astroNoEmail({
  enabled: false
})

This can be useful for local testing or special builds.

Mailto links

Email addresses inside visible text and mailto: links are obfuscated.

The links continue to function normally in browsers.

<noscript> behaviour

Astro may rewrite <noscript> content during compilation.

If an email address is moved outside of a <noscript> block by Astro itself, it will be treated as normal HTML text and obfuscated.

This behaviour is intentional and considered safe.

CDN & caching

Because all changes are static:

  • output can be cached aggressively
  • the plugin works behind any CDN
  • Cloudflare, Netlify, Vercel, S3, and similar platforms are fully supported

Failure behaviour

If a file cannot be processed:

  • the error is logged
  • the build continues
  • the site is not broken

The plugin must never block a deployment.

License

MIT

Author

Built and maintained by Velohost

Website: https://velohost.co.uk/

Project page: https://velohost.co.uk/plugins/astro-noemail/