Lightweight Go library providing robust string sanitization and normalization utilities
| CI / CD | Quality & Security | Docs & Meta | Community |
|---|---|---|---|
    |   |      |    |
- Installation
- Usage
- Documentation
- Examples & Tests
- Benchmarks
- Code Standards
- AI Compliance
- Maintainers
- Contributing
- License
go-sanitize requires a supported release of Go.
go get -u .com/mrz1836/go-sanitizeHere is a basic example of how to use go-sanitize in your Go project:
package main
import (
"fmt"
".com/mrz1836/go-sanitize"
)
func main() {
// Sanitize a string to remove unwanted characters
input := "Hello, World! @2025"
sanitized := sanitize.AlphaNumeric(input, false) // true to keep spaces
// Output: "Sanitized String: HelloWorld2025"
fmt.Println("Sanitized String:", sanitized)
}- Explore additional usage examples for practical integration patterns
- Review benchmark results to assess performance characteristics
- Examine the comprehensive test suite for validation and coverage
- Fuzz tests are available to ensure robustness against unexpected inputs
View the generated documentation
Heads up!
go-sanitizeis intentionally light on dependencies. The only external package it uses is the excellenttestifysuite—and that's just for our tests. You can drop this library into your projects without dragging along extra baggage.
- Alpha and alphanumeric sanitization with optional spaces
- Bitcoin and Bitcoin Cash address sanitizers
- Custom regular expression helper for arbitrary patterns
- Precompiled regex sanitizer for repeated patterns
- Decimal, domain, email and IP address normalization
- HTML and XML stripping with script removal
- URI, URL and XSS sanitization
Alpha: Remove non-alphabetic characters, optionally keep spacesAlphaNumeric: Remove non-alphanumeric characters, optionally keep spacesBitcoinAddress: Filter input to valid Bitcoin address charactersBitcoinCashAddress: Filter input to valid Bitcoin Cash address charactersCustom: Use a custom regex to filter input (legacy)CustomCompiled: Use a precompiled custom regex to filter input (suggested)Decimal: Keep only decimal or float charactersDomain: Sanitize domain, optionally preserving case and removing wwwEmail: Normalize an email addressFirstToUpper: Capitalize the first letter of a stringFormalName: Keep only formal name charactersHTML: Strip HTML tagsIPAddress: Return sanitized and valid IPv4 or IPv6 addressNumeric: Remove all but numeric digitsPhoneNumber: Keep digits and plus signs for phone numbersPathName: Sanitize to a path-friendly namePunctuation: Allow letters, numbers and basic punctuationScientificNotation: Keep characters valid in scientific notationScripts: Remove scripts, iframe and object tagsSingleLine: Replace line breaks and tabs with spacesTime: Keep only valid time charactersURI: Keep characters allowed in a URIURL: Keep characters allowed in a URLXML: Strip XML tagsXSS: Remove common XSS attack strings
Library Deployment
This project uses goreleaser for streamlined binary and library deployment to . To get started, install it via:
brew install goreleaserThe release process is defined in the .goreleaser.yml configuration file.
To generate a snapshot (non-versioned) release for testing purposes, run:
make release-snapBefore tagging a new version, update the release metadata in the CITATION.cff file:
make citation version=0.2.1Then create and push a new Git tag using:
make tag version=x.y.zThis process ensures consistent, repeatable releases with properly versioned artifacts and citation metadata.
Makefile Commands
View all makefile commands
make helpList of all current commands:
bench ## Run all benchmarks in the Go application
build-go ## Build the Go application (locally)
citation ## Update version in CITATION.cff (use version=X.Y.Z)
clean-mods ## Remove all the Go mod cache
coverage ## Show test coverage
diff ## Show git diff and fail if uncommitted changes exist
generate ## Run go generate in the base of the repo
godocs ## Trigger GoDocs tag sync
govulncheck-install ## Install govulncheck
help ## Display this help message
install-go ## Install using go install with specific version
install-releaser ## Install GoReleaser
install ## Install the application binary
lint ## Run the golangci-lint application (install if not found)
release-snap ## Build snapshot binaries
release-test ## Run release dry-run (no publish)
release ## Run production release (requires _token)
run-fuzz-tests ## Run fuzz tests for all packages
tag-remove ## Remove local and remote tag (use version=X.Y.Z)
tag-update ## Force-update tag to current commit (use version=X.Y.Z)
tag ## Create and push a new tag (use version=X.Y.Z)
test-ci-no-race ## CI test suite without race detector
test-ci-short ## CI unit-only short tests
test-ci ## CI full test suite with coverage
test-no-lint ## Run only tests (no lint)
test-short ## Run tests excluding integration
test-unit ## Runs tests and outputs coverage
test ## Run lint and all tests
uninstall ## Uninstall the Go binary
update-linter ## Upgrade golangci-lint (macOS only)
update-releaser ## Reinstall GoReleaser
update ## Update dependencies
vet ## Run go vet
Workflows
| Workflow Name | Description |
|---|---|
| auto-merge-on-approval.yml | Automatically merges PRs after approval and all required checks, following strict rules. |
| check-for-s.yml | Runs gits to detect secrets on a daily schedule. |
| clean-runner-cache.yml | Removes Actions caches tied to closed pull requests. |
| codeql-analysis.yml | Analyzes code for security vulnerabilities using CodeQL. |
| delete-merged-branches.yml | Deletes feature branches after their pull requests are merged. |
| dependabot-auto-merge.yml | Automatically merges Dependabot PRs that meet all requirements. |
| pull-request-management.yml | Labels PRs by branch prefix, assigns a default user if none is assigned, and welcomes new contributors with a comment. |
| release.yml | Builds and publishes releases via GoReleaser when a semver tag is pushed. |
| run-tests.yml | Runs linter, Go tests and dependency checks on every push and pull request. |
| scorecard.yml | Runs OpenSSF Scorecard to assess supply chain security. |
| stale.yml | Warns about (and optionally closes) inactive issues and PRs on a schedule or manual trigger. |
| sync-labels.yml | Keeps labels in sync with the declarative manifest at ./labels.yml. |
Updating Dependencies
To update all dependencies (Go modules, linters, and related tools), run:
make updateThis command ensures all dependencies are brought up to date in a single step, including Go modules and any tools managed by the Makefile. It is the recommended way to keep your development environment and CI in sync with the latest versions.
All unit tests and examples run via Actions and use Go version 1.18.x. View the configuration file.
Run all tests:
make testRun the Go benchmarks:
make benchPerformance benchmarks for the core functions in this library, executed on an Apple M1 Max (ARM64):
| Benchmark | Iterations | ns/op | B/op | allocs/op |
|---|---|---|---|---|
| Alpha | 15,108,703 | 78.7 | 24 | 1 |
| Alpha_WithSpaces | 13,972,903 | 83.2 | 24 | 1 |
| AlphaNumeric | 10,619,542 | 112.0 | 32 | 1 |
| AlphaNumeric_WithSpaces | 10,005,721 | 118.9 | 32 | 1 |
| BitcoinAddress | 10,766,221 | 112.0 | 48 | 1 |
| BitcoinCashAddress | 7,910,431 | 151.6 | 48 | 1 |
| Custom (Legacy) | 920,336 | 1,277.0 | 944 | 17 |
| CustomCompiled | 1,638,974 | 730.6 | 96 | 5 |
| Decimal | 18,779,281 | 62.74 | 24 | 1 |
| Domain | 4,988,238 | 243.2 | 176 | 3 |
| Domain_PreserveCase | 5,707,197 | 210.4 | 160 | 2 |
| Domain_RemoveWww | 4,991,971 | 240.4 | 176 | 3 |
| 8,781,903 | 137.2 | 48 | 2 | |
| Email_PreserveCase | 13,118,786 | 92.15 | 24 | 1 |
| FirstToUpper | 65,587,063 | 17.93 | 16 | 1 |
| FormalName | 15,207,229 | 78.84 | 24 | 1 |
| HTML | 2,557,639 | 469.4 | 64 | 3 |
| IPAddress | 11,802,175 | 101.4 | 48 | 3 |
| IPAddress_IPV6 | 2,997,530 | 384.0 | 112 | 3 |
| Numeric | 27,050,888 | 44.0 | 16 | 1 |
| PhoneNumber | 18,070,621 | 66.33 | 24 | 1 |
| PathName | 15,465,885 | 78.74 | 24 | 1 |
| Punctuation | 9,166,885 | 130.7 | 48 | 1 |
| ScientificNotation | 19,580,979 | 61.32 | 24 | 1 |
| Scripts | 2,025,324 | 594.6 | 64 | 2 |
| SingleLine | 12,599,416 | 95.94 | 32 | 1 |
| Time | 24,114,907 | 48.93 | 16 | 1 |
| URI | 11,414,026 | 104.7 | 32 | 1 |
| URL | 11,462,407 | 105.1 | 32 | 1 |
| XML | 4,179,268 | 288.5 | 56 | 3 |
| XSS | 3,499,938 | 345.1 | 40 | 2 |
These benchmarks reflect fast, allocation-free lookups for most retrieval functions, ensuring optimal performance in production environments.
Read more about this Go project's code standards.
This project documents expectations for AI assistants using a few dedicated files:
- AGENTS.md — canonical rules for coding style, workflows, and pull requests used by Codex.
- CLAUDE.md — quick checklist for the Claude agent.
- .cursorrules — machine-readable subset of the policies for Cursor and similar tools.
- sweep.yaml — rules for Sweep, a tool for code review and pull request management.
Edit AGENTS.md first when adjusting these policies, and keep the other files in sync within the same pull request.
 |
|---|
| MrZ |
View the contributing guidelines and please follow the code of conduct.
All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬. You can also support this project by becoming a sponsor on 👏 or by making a bitcoin donation to ensure this journey continues indefinitely! 🚀
