A lightweight, zero-dependency Node.js library for normalizing usernames and comments, with code injection detection (HTML, JS, PHP).
npm install friendly-name-parserAnalyzes the input string and returns an object with the following properties:
| Property | Type | Description |
|---|---|---|
pretty |
string |
Normalized, title-cased name |
isHTML |
boolean |
Contains HTML tags |
isJS |
boolean |
Contains JavaScript keywords |
isPHP |
boolean |
Contains PHP code |
breakSpaces |
boolean |
Contains Unicode break spaces |
hasMultilineComments |
boolean |
Contains multiline comments (/* */, <!-- -->) |
isPlainText |
boolean |
true if none of the above flags are set |
detected |
string[] |
List of detected issues, e.g. ['HTML', 'JS'] |
Cleans and formats a string into a readable, title-cased display name.
- Removes: URLs, HTML tags, PHP tags, HTML entities, JS keywords, control characters, invalid characters (anything that's not a letter, digit,
'or~) - Normalizes: title case (e.g.
hello world→Hello World), excessive spaces, dots - Special: if the input contains an e-mail address, extracts and title-cases the username part
- Keeps: emojis, Unicode letters (all languages)
Strips all potentially harmful or noisy content from a username.
- Removes: URLs, e-mails, HTML tags, PHP tags, HTML entities, JS function calls, JS variable declarations, JS keywords, multiline comments (
/* */,<!-- -->), Unicode break/zero-width spaces, control characters - Normalizes: excessive spaces, multiple dots, space before punctuation
- Keeps: emojis, plain text
Same as cleanNick but preserves URLs (useful for user-submitted comments or bio text).
- Removes: HTML tags, PHP tags, HTML entities, JS function calls, JS variable declarations, JS keywords, multiline comments (
/* */,<!-- -->), Unicode break/zero-width spaces, control characters - Normalizes: excessive spaces, multiple dots, space before punctuation
- Keeps: URLs, emojis, plain text
Options:
| Option | Type | Default | Description |
|---|---|---|---|
markdown |
boolean |
false |
When true, preserves Markdown syntax: skips multiline comment removal (which would strip # headings), multiple-dot normalization, and space-before-punctuation fixes. |
const FriendlyNameParser = require('friendly-name-parser');
// Static methods
FriendlyNameParser.prettyNick('I LOVE CUTE cats!!! 💞😻'); // "I Love Cute Cats"
FriendlyNameParser.prettyNick('<script>alert("Hello")</script>'); // "Hello"
FriendlyNameParser.prettyNick('sefinek@example.com'); // "Sefinek"
FriendlyNameParser.cleanNick('sefinek 🐱 https://sefinek.net <b>x</b>'); // "sefinek 🐱 x"
FriendlyNameParser.cleanComment('See https://example.com <b>bold</b> text'); // "See https://example.com bold text"
FriendlyNameParser.cleanComment('# Heading\n**bold** <script>x</script>', { markdown: true }); // "# Heading\n**bold** x"
// Full analysis
const result = new FriendlyNameParser('<script>alert("hello world");</script>');
console.log(result);
// {
// pretty: 'Hello World',
// isHTML: true,
// isJS: true,
// isPHP: false,
// breakSpaces: false,
// hasMultilineComments: false,
// isPlainText: false,
// detected: [ 'HTML', 'JS' ]
// }More examples in the example folder.
<script src="https://cdn.jsdelivr.net/npm/friendly-name-parser@2/dist/friendly-name-parser.min.js"></script>Copyright © Sefinek. Licensed under the MIT License.
