# Packages
# README
π go-sanitize
Lightweight Go library providing robust string sanitization and normalization utilities
| CIΒ /Β CD | QualityΒ &Β Security | DocsΒ &Β Meta | Community |
|---|---|---|---|
|
|
|
|
ποΈ Table of Contents
- Installation
- Usage
- Documentation
- Examples & Tests
- Benchmarks
- Code Standards
- AI Compliance
- Maintainers
- Contributing
- License
π¦ Installation
go-sanitize requires a supported release of Go.
go get -u github.com/mrz1836/go-sanitize
π‘ Usage
Here is a basic example of how to use go-sanitize in your Go project:
package main
import (
"fmt"
"github.com/mrz1836/go-sanitize"
)
func main() {
// Sanitize a string to remove unwanted characters
input := "Hello, World! @2025"
sanitized := sanitize.AlphaNumeric(input, false) // true to keep spaces
// Output: "Sanitized String: HelloWorld2025"
fmt.Println("Sanitized String:", sanitized)
}
- Explore additional usage examples for practical integration patterns
- Review benchmark results to assess performance characteristics
- Examine the comprehensive test suite for validation and coverage
- Fuzz tests are available to ensure robustness against unexpected inputs
π Documentation
View the generated documentation
Heads up!
go-sanitizeis intentionally light on dependencies. The only external package it uses is the excellenttestifysuiteβand that's just for our tests. You can drop this library into your projects without dragging along extra baggage.
Features
- Alpha and alphanumeric sanitization with optional spaces
- Bitcoin and Bitcoin Cash address sanitizers
- Custom regular expression helper for arbitrary patterns
- Precompiled regex sanitizer for repeated patterns
- Decimal, domain, email and IP address normalization
- HTML and XML stripping with script removal
- URI, URL and XSS sanitization
Functions
Alpha: Remove non-alphabetic characters, optionally keep spacesAlphaNumeric: Remove non-alphanumeric characters, optionally keep spacesBitcoinAddress: Filter input to valid Bitcoin address charactersBitcoinCashAddress: Filter input to valid Bitcoin Cash address charactersCustom: Use a custom regex to filter input (legacy)CustomCompiled: Use a precompiled custom regex to filter input (suggested)Decimal: Keep only decimal or float charactersDomain: Sanitize domain, optionally preserving case and removing wwwEmail: Normalize an email addressFirstToUpper: Capitalize the first letter of a stringFormalName: Keep only formal name charactersHTML: Strip HTML tagsIPAddress: Return sanitized and valid IPv4 or IPv6 addressNumeric: Remove all but numeric digitsPhoneNumber: Keep digits and plus signs for phone numbersPathName: Sanitize to a path-friendly namePunctuation: Allow letters, numbers and basic punctuationScientificNotation: Keep characters valid in scientific notationScripts: Remove scripts, iframe and object tagsSingleLine: Replace line breaks and tabs with spacesTime: Keep only valid time charactersURI: Keep characters allowed in a URIURL: Keep characters allowed in a URLXML: Strip XML tagsXSS: Remove common XSS attack strings
Additional Documentation & Repository Management
Development Setup (Getting Started)
Install MAGE-X build tool for development:
# Install MAGE-X for development and building
go install github.com/mrz1836/mage-x/cmd/magex@latest
magex update:install
Library Deployment
This project uses goreleaser for streamlined binary and library deployment to GitHub. To get started, install it via:
brew install goreleaser
The release process is defined in the .goreleaser.yml configuration file.
Then create and push a new Git tag using:
magex version:bump bump=patch push
This process ensures consistent, repeatable releases with properly versioned artifacts and citation metadata.
Build Commands
View all build commands
magex help
GitHub Workflows
ποΈ The Workflow Control Center
All GitHub Actions workflows in this repository are powered by configuration files: .env.base (default configuration) and optionally .env.custom (project-specific overrides) β your one-stop shop for tweaking CI/CD behavior without touching a single YAML file! π―
Configuration Files:
- .env.base β Default configuration that works for most Go projects
- .env.custom β Optional project-specific overrides
This magical file controls everything from:
- π Go version matrix (test on multiple versions or just one)
- π Runner selection (Ubuntu or macOS, your wallet decides)
- π¬ Feature toggles (coverage, fuzzing, linting, race detection, benchmarks)
- π‘οΈ Security tool versions (gitleaks, nancy, govulncheck)
- π€ Auto-merge behaviors (how aggressive should the bots be?)
- π·οΈ PR management rules (size labels, auto-assignment, welcome messages)
Pro tip: Want to disable code coverage? Just add
ENABLE_CODE_COVERAGE=falseto your .env.custom to override the default in .env.base and push. No YAML archaeology required!
| Workflow Name | Description |
|---|---|
| auto-merge-on-approval.yml | Automatically merges PRs after approval and all required checks, following strict rules. |
| codeql-analysis.yml | Analyzes code for security vulnerabilities using GitHub CodeQL. |
| dependabot-auto-merge.yml | Automatically merges Dependabot PRs that meet all requirements. |
| fortress.yml | Runs the GoFortress security and testing workflow, including linting, testing, releasing, and vulnerability checks. |
| pull-request-management.yml | Labels PRs by branch prefix, assigns a default user if none is assigned, and welcomes new contributors with a comment. |
| scorecard.yml | Runs OpenSSF Scorecard to assess supply chain security. |
| stale.yml | Warns about (and optionally closes) inactive issues and PRs on a schedule or manual trigger. |
| sync-labels.yml | Keeps GitHub labels in sync with the declarative manifest at .github/labels.yml. |
Updating Dependencies
To update all dependencies (Go modules, linters, and related tools), run:
magex deps:update
This command ensures all dependencies are brought up to date in a single step, including Go modules and any managed tools. It is the recommended way to keep your development environment and CI in sync with the latest versions.
π§ͺ Examples & Tests
All unit tests and fuzz tests run via GitHub Actions and use Go version 1.18.x. View the configuration file.
Run all tests (fast):
magex test
Run all tests with race detector (slower):
magex test:race
β‘ Benchmarks
Run the Go benchmarks:
magex bench
Benchmark Results
| Benchmark | Iterations | ns/op | B/op | allocs/op |
|---|---|---|---|---|
| Alpha | 14,018,806 | 84.89 | 24 | 1 |
| Alpha_WithSpaces | 12,664,946 | 94.25 | 24 | 1 |
| AlphaNumeric | 9,161,546 | 130.6 | 32 | 1 |
| AlphaNumeric_WithSpaces | 7,978,879 | 150.8 | 32 | 1 |
| BitcoinAddress | 8,843,929 | 137.1 | 48 | 1 |
| BitcoinCashAddress | 5,892,612 | 196.2 | 48 | 1 |
| Custom (Legacy) | 938,733 | 1,249.0 | 913 | 16 |
| CustomCompiled | 1,576,502 | 762.3 | 96 | 5 |
| Decimal | 16,285,825 | 73.91 | 24 | 1 |
| Domain | 4,784,115 | 251.6 | 176 | 3 |
| Domain_PreserveCase | 5,594,325 | 213.9 | 160 | 2 |
| Domain_RemoveWww | 4,771,556 | 251.0 | 176 | 3 |
| 8,380,172 | 144.2 | 48 | 2 | |
| Email_PreserveCase | 13,468,302 | 90.06 | 24 | 1 |
| FirstToUpper | 57,342,418 | 20.60 | 16 | 1 |
| FormalName | 14,557,754 | 83.12 | 24 | 1 |
| HTML | 2,558,787 | 468.5 | 48 | 3 |
| IPAddress | 11,388,638 | 102.7 | 32 | 2 |
| IPAddress_IPV6 | 3,434,715 | 350.9 | 96 | 2 |
| Numeric | 22,661,516 | 52.92 | 16 | 1 |
| PhoneNumber | 17,502,224 | 68.84 | 24 | 1 |
| PathName | 13,881,150 | 86.58 | 24 | 1 |
| Punctuation | 7,377,070 | 162.3 | 48 | 1 |
| ScientificNotation | 19,399,621 | 61.62 | 24 | 1 |
| Scripts | 2,060,790 | 580.6 | 16 | 1 |
| SingleLine | 9,777,549 | 123.5 | 32 | 1 |
| Time | 21,270,655 | 55.92 | 16 | 1 |
| URI | 9,005,937 | 133.4 | 32 | 1 |
| URL | 8,989,400 | 135.2 | 32 | 1 |
| XML | 4,351,617 | 275.7 | 48 | 3 |
| XSS | 3,302,917 | 362.9 | 40 | 2 |
These benchmarks reflect fast, allocation-free lookups for most retrieval functions, ensuring optimal performance in production environments. Performance benchmarks for the core functions in this library, executed on an Apple M1 Max (ARM64).
π οΈ Code Standards
Read more about this Go project's code standards.
π€ AI Compliance
This project documents expectations for AI assistants using a few dedicated files:
- AGENTS.md β canonical rules for coding style, workflows, and pull requests used by Codex.
- CLAUDE.md β quick checklist for the Claude agent.
- .cursorrules β machine-readable subset of the policies for Cursor and similar tools.
- sweep.yaml β rules for Sweep, a tool for code review and pull request management.
Edit AGENTS.md first when adjusting these policies, and keep the other files in sync within the same pull request.
π₯ Maintainers
 |
|---|
| MrZ |
π€ Contributing
View the contributing guidelines and please follow the code of conduct.
How can I help?
All kinds of contributions are welcome :raised_hands:! The most basic way to show your support is to star :star2: the project, or to raise issues :speech_balloon:. You can also support this project by becoming a sponsor on GitHub :clap: or by making a bitcoin donation to ensure this journey continues indefinitely! :rocket:
π License
