Sanitize string for use as filename


Sanitize a string to be safe for use as a filename in Windows and Unix file systems.

var sanitize = require("sanitize-filename");
// Some string that may be unsafe or invalid as a filename 
var UNSAFE_USER_INPUT = "~/.\u0000ssh/authorized_keys";
// Sanitize the string to be safe for use as a filename. 
var filename = sanitize(UNSAFE_USER_INPUT);
// -> "~.sshauthrozied_keys" 

sanitize-filename works by searching the input string for the following and removes them.

  • Control characters (0x00-0x1f and 0x80-0x9f)
  • Reserved characters (/ ? < > \ : * | ")
  • Unix reserved filenames (. and ..)
  • Windows reserved filenames (CON PRN AUX NUL COM1 COM2 COM3 COM4 COM5 COM6 COM7 COM8 COM9 LPT1 LPT2 LPT3 LPT4 LPT5 LPT6 LPT7 LPT8 and LPT9)

The return value is capped at 255 characters in length.

The return value will be safe for use as a filename on modern Windows, OSX, and Unix file systems (NTFS, ext, etc.).

FAT 8.3 filenames are not supported.

Running tests will attempt write various filenames to disk (in the working directory). Run npm test to run tests against your file system.

Note that two unique inputs can result in the same return value. For example:

var sanitize = require("sanitize-filename");
// -> "file" 
sanitize ("file*")
// -> "file" 

Note that the return value can be an empty string. For example:

var sanitize = require("sanitize-filename");
// -> "" 

Sanitize the input string filename by removing or replacing invalid characters. options.replacement can be a string to replace characters with.

npm install sanitize-filename