Tucker McKnight <tucker@pangolin.lan> | Mon Feb 02 2026
Remove lodash, replace with escape-html escape-html is a comparatively tiny library. All I was using of lodash was just the HTML escape function. Incidentally, I fixed a bug that was happening that would sometimes cause escaped HTML characters to show up. This was because a <mark> was being inserted for the red/green diff highlighting, and it was being inserted in between the characters for an escape character. E.g. something like &<mark>lt; which would then not get rendered as a < because it doesn't actually say <. Doing the diff first, with the HTML characters in the string, and *then* escaping them afterwards fixes this.
1
import _ from 'lodash'1
26 27 28 29
m('name', `${_.escape(currentRepo.name)} contributors`)
m('title', _.escape(commit.commit.message.split('\n')[0])),
m('author', m('name', _.escape(commit.commit.author))),
m('content', {type: "text"}, _.escape(commit.commit.message)),26 27 28 29
m('name', `${currentRepo.name} contributors`)
m('title', commit.commit.message.split('\n')[0]),
m('author', m('name', commit.commit.author)),
m('content', {type: "text"}, commit.commit.message),12
"lodash": "^4.17.21",12
"escape-html": "^1.0.3",1080
1080
"node_modules/escape-html": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
"integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
},1282 1283 1284 1285 1286
"node_modules/lodash": {
"version": "4.17.23",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
"integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w=="
},1282 1283 1284 1285 1286
29
"lodash": "^4.17.21",29
"escape-html": "^1.0.3",1
import _ from 'lodash'1
import escape from 'escape-html'37 38 39 40 41 42
lastHunkBefore = _.escape(lastHunkBefore)
lastHunkAfter = _.escape(lastHunkAfter)
beforeText = beforeText + obj.value
afterText = afterText + obj.value
afterText = afterText + "<mark>" + obj.value + "</mark>"
beforeText = beforeText + "<mark>" + obj.value + "</mark>"37 38 39 40 41 42
beforeText = beforeText + escape(obj.value)
afterText = afterText + escape(obj.value)
afterText = afterText + "<mark>" + escape(obj.value) + "</mark>"
beforeText = beforeText + "<mark>" + escape(obj.value) + "</mark>"12 13 14 15 16 17 18
- [ ] get rid of lodash
- [Project page](./projects/node-18.md.html)
- also use globs npm module instead of built-in node version, built-in requires
node 20+.
- add a Dockerfile for node 18, which is the lowest 11ty supports, and see if
this is useable on that.
- lodash is one of the larger (largest?) dependencies right now. With mithril auto-escaping strings, it might not be necessary anymore. Look into which things actually need to be escaped (e.g. any user-input from commit messages) and see if we can just rely on mithril to escape those12 13 14 15 16 17 18
68
68
- [x] get rid of lodash
- [Project page](./projects/node-18.md.html)
- also use globs npm module instead of built-in node version, built-in requires
node 20+.
- add a Dockerfile for node 18, which is the lowest 11ty supports, and see if
this is useable on that.
- lodash is one of the larger (largest?) dependencies right now. With mithril auto-escaping strings, it might not be necessary anymore. Look into which things actually need to be escaped (e.g. any user-input from commit messages) and see if we can just rely on mithril to escape those1
1
\#completed
17
17
## Feb 1, 2026
- Replaced webpack with rollup
- Replaced lodash with escape-html
- Only a few functions needed to be changed to to work with node 18