fhirsmith 0.4.2 → 0.5.0

package/library/utilities.js

@@ -25,11 +25,42 @@ const Utilities = {
     return isNaN(num) ? defaultValue : num;
   },
   parseFloatOrDefault(value, defaultValue) {
-  const num = parseFloat(value);
-  return isNaN(num) ? defaultValue : num;
+    const num = parseFloat(value);
+    return isNaN(num) ? defaultValue : num;
 
 
-}
+  },
+
+  /**
+   * Format the difference between two Date.now() timestamps for human reading
+   * @param {number} start - earlier timestamp (from Date.now())
+   * @param {number} end - later timestamp (from Date.now())
+   * @returns {string} formatted duration
+   */
+  formatDuration(start, end) {
+    let ms = Math.abs(end - start);
+
+    if (ms < 1000) return `${ms}ms`;
+
+    const days = Math.floor(ms / 86400000);
+    ms %= 86400000;
+    const hours = Math.floor(ms / 3600000);
+    ms %= 3600000;
+    const minutes = Math.floor(ms / 60000);
+    ms %= 60000;
+    const seconds = Math.floor(ms / 1000);
+    ms %= 1000;
+
+    const parts = [];
+    if (days) parts.push(`${days}d`);
+    if (hours) parts.push(`${hours}h`);
+    if (minutes) parts.push(`${minutes}m`);
+    if (seconds || ms) {
+      parts.push(ms ? `${seconds}.${String(ms).padStart(3, '0')}s` : `${seconds}s`);
+    }
+
+    return parts.join(' ');
+  }
 
 };
 
@@ -172,25 +203,75 @@ function isAbsoluteUrl(s) {
 }
 
 /**
- * Escape HTML special characters
+ * This class takes two lists, and matches between the lists, producing three new lists:
+ *   * items that are in both
+ *   * items that only in left
+ *   * items that are only in right
+ *
+ * You have to give it a match function that is called asynchronously
+ *
+ * examples of use:
+ *
+ * const matcher = new ArrayMatcher((l, r) =>
+ *   this.filtersMatch(localstatus, cs, l, r)
+ * );
+ * await matcher.match(leftArray, rightArray);
+ *
+ * // Use the results
+ * for (const { left, right } of matcher.matched) { ... }
+ * for (const item of matcher.unmatchedLeft) { ... }
+ * for (const item of matcher.unmatchedRight) { ... }
+ *
+ * // or
+ * const matcher2 = new ArrayMatcher((l, r) =>
+ *   this.compareProperties(system, version, l, r)
+ * );
+ * await matcher2.match(propsA, propsB);
+ *
  */
-function escapeHtml(text) {
-  if (text === null || text === undefined) {
-    return '';
-  }
-  if (typeof text !== 'string') {
-    return String(text);
+class ArrayMatcher {
+  constructor(matchFn) {
+    this.matchFn = matchFn;
+    this.matched = [];
+    this.unmatchedLeft = [];
+    this.unmatchedRight = [];
   }
 
-  const map = {
-    '&': '&amp;',
-    '<': '&lt;',
-    '>': '&gt;',
-    '"': '&quot;',
-    "'": '&#x27;'
-  };
+  /**
+   *
+   * @param left an array of items (or null/undefined)
+   * @param right an array of items (or null/undefined)
+   * @returns {Promise<ArrayMatcher>}
+   */
+  async match(left, right) {
+    if (!left) {
+      left = [];
+    }
+    if (!right) {
+      right = [];
+    }
+
+    this.matched = [];
+    this.unmatchedRight = [...right];
+
+    for (const l of left) {
+      let idx = -1;
+      for (let i = 0; i < this.unmatchedRight.length; i++) {
+        if (await this.matchFn(l, this.unmatchedRight[i])) {
+          idx = i;
+          break;
+        }
+      }
+      if (idx !== -1) {
+        this.matched.push({ left: l, right: this.unmatchedRight[idx] });
+        this.unmatchedRight.splice(idx, 1);
+      } else {
+        this.unmatchedLeft.push(l);
+      }
+    }
 
-  return text.replace(/[&<>"']/g, m => map[m]);
+    return this;
+  }
 }
 
-module.exports = { Utilities, validateParameter, validateOptionalParameter, validateArrayParameter, validateResource, strToBool, getValuePrimitive, getValueDT, getValueName, isAbsoluteUrl, escapeHtml };
+module.exports = { Utilities, ArrayMatcher, validateParameter, validateOptionalParameter, validateArrayParameter, validateResource, strToBool, getValuePrimitive, getValueDT, getValueName, isAbsoluteUrl };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fhirsmith",
-  "version": "0.4.2",
+  "version": "0.5.0",
   "description": "A Node.js server that provides a collection of tools to serve the FHIR ecosystem",
   "main": "server.js",
   "engines": {
@@ -44,7 +44,7 @@
     "express-rate-limit": "^7.4.1",
     "express-session": "^1.19.0",
     "fast-xml-parser": "^5.3.4",
-    "fhir-validator-wrapper": "1.2.1",
+    "fhir-validator-wrapper": "1.2.2",
     "fhirpath": "^4.8.3",
     "fs-extra": "^11.3.3",
     "inquirer": "^8.2.5",

package/packages/package-crawler.js

@@ -13,9 +13,10 @@ const path = require('path');
 class PackageCrawler {
   log;
   
-  constructor(config, db) {
+  constructor(config, db, stats) {
     this.config = config;
     this.db = db;
+    this.stats = stats;
     this.totalBytes = 0;
     this.crawlerLog = {};
     this.errors = '';
@@ -36,6 +37,7 @@ class PackageCrawler {
     };
 
     this.log.info('Running web crawler for packages using master URL: '+ this.config.masterUrl);
+    this.stats.task('Package Crawler', 'Running');
 
     try {
       // Fetch the master JSON file
@@ -54,6 +56,7 @@ class PackageCrawler {
           this.log.info('Skipping feed with no URL: '+ feedConfig);
           continue;
         }
+        this.stats.task('Package Crawler', 'Running for '+feedConfig.url);
 
         try {
           await this.updateTheFeed(
@@ -76,6 +79,7 @@ class PackageCrawler {
       this.log.info(`Web crawler completed successfully in ${runTime}ms`);
       this.log.info(`Total bytes processed: ${this.totalBytes}`);
 
+      this.stats.task('Package Crawler', 'Complete');
       return this.crawlerLog;
 
     } catch (error) {
@@ -83,6 +87,7 @@ class PackageCrawler {
       this.crawlerLog.runTime = `${runTime}ms`;
       this.crawlerLog.fatalException = error.message;
       this.crawlerLog.endTime = new Date().toISOString();
+      this.stats.task('Package Crawler', 'Error: '+error.message);
 
       this.log.error('Web crawler failed: '+ error);
       throw error;

package/packages/packages.js

@@ -12,9 +12,10 @@ const fs = require('fs');
 const PackageCrawler = require('./package-crawler.js');
 const htmlServer = require('../library/html-server');
 const folders = require('../library/folder-setup');
-
+const escape = require('escape-html');
 const Logger = require('../library/logger');
 const {validateParameter} = require("../library/utilities");
+const {describeCron} = require("../library/cron-utilities");
 const pckLog = Logger.getInstance().child({ module: 'packages' });
 
 class PackagesModule {
@@ -125,24 +126,6 @@ class PackagesModule {
     };
   }
 
-  // Enhanced HTML escaping
-  escapeHtml(str) {
-    if (!str || typeof str !== 'string') return '';
-
-    const escapeMap = {
-      '&': '&',
-      '<': '&lt;',
-      '>': '&gt;',
-      '"': '&quot;',
-      "'": '&#x27;',
-      '/': '&#x2F;',
-      '`': '&#x60;',
-      '=': '&#x3D;'
-    };
-
-    return str.replace(/[&<>"'`=/]/g, (match) => escapeMap[match]);
-  }
-
   buildSecureQuery(baseQuery, conditions = []) {
     let query = baseQuery;
     const params = [];
@@ -572,7 +555,7 @@ class PackagesModule {
     await this.ensureMirrorDirectory();
 
     // Initialize the crawler
-    this.crawler = new PackageCrawler(this.config, this.db);
+    this.crawler = new PackageCrawler(this.config, this.db, this.stats);
 
     // Start the hourly web crawler if enabled
     if (config.crawler.enabled) {
@@ -804,6 +787,7 @@ class PackagesModule {
 
   startCrawlerJob() {
     if (this.config.crawler && this.config.crawler.schedule) {
+      this.stats.addTask("Package Crawler", describeCron(this.config.crawler.schedule));
       this.crawlerJob = cron.schedule(this.config.crawler.schedule, async () => {
         pckLog.info('Starting scheduled package crawler...');
         try {
@@ -1445,12 +1429,12 @@ class PackagesModule {
 
     for (const pkg of updates) {
       table += '<tr>';
-      table += `<td><a href="${this.escapeHtml(pkg.url)}">${this.escapeHtml(pkg.name)}</a></td>`;
-      table += `<td>${this.escapeHtml(pkg.version)}</td>`;
-      table += `<td>${this.escapeHtml(pkg.fhirVersion)}</td>`;
-      table += `<td>${this.escapeHtml(pkg.kind)}</td>`;
+      table += `<td><a href="${escape(pkg.url)}">${escape(pkg.name)}</a></td>`;
+      table += `<td>${escape(pkg.version)}</td>`;
+      table += `<td>${escape(pkg.fhirVersion)}</td>`;
+      table += `<td>${escape(pkg.kind)}</td>`;
       table += `<td>${new Date(pkg.date).toLocaleDateString()} ${new Date(pkg.date).toLocaleTimeString()}</td>`;
-      table += `<td>${this.escapeHtml(pkg.canonical || '')}</td>`;
+      table += `<td>${escape(pkg.canonical || '')}</td>`;
       table += '</tr>';
     }
 
@@ -1899,12 +1883,12 @@ class PackagesModule {
 
     for (const pv of sortedVersions) {
       table += '<tr>';
-      table += `<td title="${this.escapeHtml(pv.GUID)}"><strong>${this.escapeHtml(pv.Version)}</strong></td>`;
-      table += `<td>${this.escapeHtml(this.interpretVersion(pv.FhirVersions))}</td>`;
-      table += `<td>${this.escapeHtml(this.codeForKind(pv.Kind))}</td>`;
+      table += `<td title="${escape(pv.GUID)}"><strong>${escape(pv.Version)}</strong></td>`;
+      table += `<td>${escape(this.interpretVersion(pv.FhirVersions))}</td>`;
+      table += `<td>${escape(this.codeForKind(pv.Kind))}</td>`;
       table += `<td>${new Date(pv.PubDate).toLocaleDateString()}</td>`;
       table += `<td>${(pv.DownloadCount || 0).toLocaleString()}</td>`;
-      table += `<td><a href="/packages/${this.escapeHtml(id)}/${this.escapeHtml(pv.Version)}" class="btn btn-sm btn-primary">Download</a></td>`;
+      table += `<td><a href="/packages/${escape(id)}/${escape(pv.Version)}" class="btn btn-sm btn-primary">Download</a></td>`;
       table += '</tr>';
     }
 
@@ -1949,7 +1933,7 @@ class PackagesModule {
     let content = '<div class="row mb-4">';
     content += '<div class="col-12">';
     content += '<table class="grid">';
-    content += `<tr><td>Package ID:</td><td>${this.escapeHtml(id)}</td></tr>`;
+    content += `<tr><td>Package ID:</td><td>${escape(id)}</td></tr>`;
     content += `<tr><td>Description</td><td>${vars.desc}</td></tr>`;
     content += `<tr><td>Total Versions:</td><td>${vars.count}</td></tr>`;
     content += `<tr><td>Total Downloads:</td><td>${vars.downloads}</td></tr>`;
@@ -1969,7 +1953,7 @@ class PackagesModule {
   formatTextToHTML(text) {
     if (!text) return '';
     // Basic text to HTML formatting - convert newlines to <br>
-    return this.escapeHtml(text).replace(/\n/g, '<br>');
+    return escape(text).replace(/\n/g, '<br>');
   }
 
   async serveSearch(req, res) {
@@ -2142,13 +2126,13 @@ class PackagesModule {
 
     for (const pkg of results) {
       table += '<tr>';
-      table += `<td><a href="${this.escapeHtml(pkg.url)}">${this.escapeHtml(pkg.name)}</a></td>`;
-      table += `<td>${this.escapeHtml(pkg.version)} (<a href="/packages/${this.escapeHtml(pkg.name)}">all</a>)</td>`;
-      table += `<td>${this.escapeHtml(pkg.fhirVersion)}</td>`;
-      table += `<td>${this.escapeHtml(pkg.kind)}</td>`;
+      table += `<td><a href="${escape(pkg.url)}">${escape(pkg.name)}</a></td>`;
+      table += `<td>${escape(pkg.version)} (<a href="/packages/${escape(pkg.name)}">all</a>)</td>`;
+      table += `<td>${escape(pkg.fhirVersion)}</td>`;
+      table += `<td>${escape(pkg.kind)}</td>`;
       table += `<td>${pkg.date ? new Date(pkg.date).toLocaleDateString() : 'N/A'}</td>`;
       table += `<td>${pkg.count ? pkg.count.toLocaleString() : 'N/A'}</td>`;
-      table += `<td>${this.escapeHtml(pkg.canonical || '')}</td>`;
+      table += `<td>${escape(pkg.canonical || '')}</td>`;
       table += '</tr>';
     }
 
@@ -2202,22 +2186,22 @@ class PackagesModule {
 
     content += '<tr>';
     content += '<td>Id</td>';
-    content += `<td><input type="text" name="name" value="${this.escapeHtml(vars.name)}"></td>`;
+    content += `<td><input type="text" name="name" value="${escape(vars.name)}"></td>`;
     content += '</tr>';
 
     content += '<tr>';
     content += '<td>Depends On</td>';
-    content += `<td><input type="text" name="dependson" value="${this.escapeHtml(vars.dependson)}"> <i>includes both direct and indirect dependencies</i></td>`;
+    content += `<td><input type="text" name="dependson" value="${escape(vars.dependson)}"> <i>includes both direct and indirect dependencies</i></td>`;
     content += '</tr>';
 
     content += '<tr>';
     content += '<td>Canonical (Package)</td>';
-    content += `<td><input type="text" name="pkgcanonical" value="${this.escapeHtml(vars.canonicalPkg)}"></td>`;
+    content += `<td><input type="text" name="pkgcanonical" value="${escape(vars.canonicalPkg)}"></td>`;
     content += '</tr>';
 
     content += '<tr>';
     content += '<td>Canonical (Resource)</td>';
-    content += `<td><input type="text" name="canonical" value="${this.escapeHtml(vars.canonicalUrl)}"></td>`;
+    content += `<td><input type="text" name="canonical" value="${escape(vars.canonicalUrl)}"></td>`;
     content += '</tr>';
 
     content += '<tr>';
@@ -2368,10 +2352,10 @@ class PackagesModule {
       <h1>FHIR Package Search</h1>
       
       <form class="search-form" method="GET">
-        <input type="text" name="name" placeholder="Package name" value="${this.escapeHtml(name)}">
-        <input type="text" name="dependson" placeholder="Depends on" value="${this.escapeHtml(dependson)}">
-        <input type="text" name="canonicalPkg" placeholder="Canonical package" value="${this.escapeHtml(canonicalPkg)}">
-        <input type="text" name="canonicalUrl" placeholder="Canonical URL" value="${this.escapeHtml(canonicalUrl)}">
+        <input type="text" name="name" placeholder="Package name" value="${escape(name)}">
+        <input type="text" name="dependson" placeholder="Depends on" value="${escape(dependson)}">
+        <input type="text" name="canonicalPkg" placeholder="Canonical package" value="${escape(canonicalPkg)}">
+        <input type="text" name="canonicalUrl" placeholder="Canonical URL" value="${escape(canonicalUrl)}">
         <select name="fhirVersion">
           <option value="">Any FHIR version</option>
           <option value="R2" ${fhirVersion === 'R2' ? 'selected' : ''}>R2</option>
@@ -2387,13 +2371,13 @@ class PackagesModule {
         ${results.map(pkg => `
           <div class="package">
             <div class="package-name">
-              <a href="${pkg.url}">${this.escapeHtml(pkg.name)}</a> v${this.escapeHtml(pkg.version)}
+              <a href="${pkg.url}">${escape(pkg.name)}</a> v${escape(pkg.version)}
             </div>
             <div class="package-details">
-              <strong>FHIR Version:</strong> ${this.escapeHtml(pkg.fhirVersion)}<br>
-              <strong>Type:</strong> ${this.escapeHtml(pkg.kind)}<br>
-              <strong>Canonical:</strong> ${this.escapeHtml(pkg.canonical)}<br>
-              ${pkg.description ? `<strong>Description:</strong> ${this.escapeHtml(pkg.description)}<br>` : ''}
+              <strong>FHIR Version:</strong> ${escape(pkg.fhirVersion)}<br>
+              <strong>Type:</strong> ${escape(pkg.kind)}<br>
+              <strong>Canonical:</strong> ${escape(pkg.canonical)}<br>
+              ${pkg.description ? `<strong>Description:</strong> ${escape(pkg.description)}<br>` : ''}
               ${pkg.date ? `<strong>Published:</strong> ${new Date(pkg.date).toLocaleDateString()}<br>` : ''}
               ${pkg.count ? `<strong>Downloads:</strong> ${pkg.count}<br>` : ''}
             </div>
@@ -2593,14 +2577,14 @@ class PackagesModule {
     for (const source of sourcePackages) {
       const dependencies = brokenDependencies[source];
       table += '<tr>';
-      table += `<td>${this.escapeHtml(source)}</td>`;
+      table += `<td>${escape(source)}</td>`;
       table += '<td>';
 
       for (let i = 0; i < dependencies.length; i++) {
         if (i > 0) {
           table += ', ';
         }
-        table += this.escapeHtml(dependencies[i]);
+        table += escape(dependencies[i]);
       }
 
       table += '</td>';
@@ -2656,7 +2640,7 @@ class PackagesModule {
   buildLogPageContent(status, logData, summary) {
     let content = '<div class="row mb-4">';
     content += '<div class="col-12">';
-    content += `<div class="alert ${this.crawlerRunning ? 'alert-info' : 'alert-secondary'}">${this.escapeHtml(status)}</div>`;
+    content += `<div class="alert ${this.crawlerRunning ? 'alert-info' : 'alert-secondary'}">${escape(status)}</div>`;
     content += '</div>';
     content += '</div>';
 
@@ -2752,7 +2736,7 @@ class PackagesModule {
       output += 'No feeds processed.\n';
     }
 
-    return this.escapeHtml(output);
+    return escape(output);
   }
 
   getStatus() {
@@ -2825,7 +2809,7 @@ class PackagesModule {
     if (this.lastRunTime) {
       content += `<tr><td>Last Run</td><td>${new Date(this.lastRunTime).toLocaleString()}</td></tr>`;
     }
-    content += `<tr><td>Master URL</td><td><a href="${htmlServer.escapeHtml(this.config.masterUrl)}" target="_blank">${htmlServer.escapeHtml(this.config.masterUrl)}</a></td></tr>`;
+    content += `<tr><td>Master URL</td><td><a href="${escape(this.config.masterUrl)}" target="_blank">${escape(this.config.masterUrl)}</a></td></tr>`;
     content += '</table>';
     content += '</div>';
     content += '</div>';

package/publisher/publisher.js

@@ -5,6 +5,7 @@ const Database = require('sqlite3').Database;
 const bcrypt = require('bcrypt');
 const session = require('express-session');
 const folders = require('../library/folder-setup');
+const escape = require('escape-html');
 
 
 class PublisherModule {
@@ -1096,7 +1097,7 @@ class PublisherModule {
                 content += '<a href="/publisher/tasks/' + task.id + '/output" class="btn btn-sm btn-outline-info me-1">View Output</a>';
               }
               if (task.failure_reason) {
-                content += '<span class="text-danger small me-1">' + this.escapeHtml(task.failure_reason) + '</span>';
+                content += '<span class="text-danger small me-1">' + escape(task.failure_reason) + '</span>';
               }
             }
 
@@ -1343,7 +1344,7 @@ class PublisherModule {
           // Build log section
           if (buildLog) {
             content += '<h4>Build Log</h4>';
-            content += '<div class="output-viewer">' + this.escapeHtml(buildLog) + '</div>';
+            content += '<div class="output-viewer">' + escape(buildLog) + '</div>';
           } else if (task.status === 'building') {
             content += '<h4>Build Log</h4>';
             content += '<p><em>Build in progress... Log will appear when available.</em></p>';
@@ -1424,28 +1425,28 @@ class PublisherModule {
 
         const htmlServer = require('../library/html-server');
 
-        let content = '<h3>Task History: #' + task.id + ' — ' + this.escapeHtml(task.npm_package_id) + '#' + this.escapeHtml(task.version) + '</h3>';
+        let content = '<h3>Task History: #' + task.id + ' — ' + escape(task.npm_package_id) + '#' + escape(task.version) + '</h3>';
 
         // Task details summary card
         content += '<div class="card mb-4"><div class="card-body">';
         content += '<div class="row">';
         content += '<div class="col-md-6">';
         content += '<p><strong>Status:</strong> <span class="badge bg-' + this.getStatusColor(task.status) + '">' + task.status + '</span></p>';
-        content += '<p><strong>Package:</strong> <code>' + this.escapeHtml(task.npm_package_id) + '</code></p>';
-        content += '<p><strong>Version:</strong> ' + this.escapeHtml(task.version) + '</p>';
-        content += '<p><strong>Website:</strong> ' + this.escapeHtml(task.website_name) + '</p>';
+        content += '<p><strong>Package:</strong> <code>' + escape(task.npm_package_id) + '</code></p>';
+        content += '<p><strong>Version:</strong> ' + escape(task.version) + '</p>';
+        content += '<p><strong>Website:</strong> ' + escape(task.website_name) + '</p>';
         content += '</div>';
         content += '<div class="col-md-6">';
-        content += '<p><strong>GitHub:</strong> ' + this.escapeHtml(task.github_org) + '/' + this.escapeHtml(task.github_repo) + ' (' + this.escapeHtml(task.git_branch) + ')</p>';
-        content += '<p><strong>Created by:</strong> ' + this.escapeHtml(task.user_name) + ' (' + this.escapeHtml(task.user_login) + ')</p>';
+        content += '<p><strong>GitHub:</strong> ' + escape(task.github_org) + '/' + escape(task.github_repo) + ' (' + escape(task.git_branch) + ')</p>';
+        content += '<p><strong>Created by:</strong> ' + escape(task.user_name) + ' (' + escape(task.user_login) + ')</p>';
         if (task.approved_by_name) {
-          content += '<p><strong>Approved by:</strong> ' + this.escapeHtml(task.approved_by_name) + '</p>';
+          content += '<p><strong>Approved by:</strong> ' + escape(task.approved_by_name) + '</p>';
         }
         if (task.local_folder) {
-          content += '<p><strong>Local folder:</strong> <code>' + this.escapeHtml(task.local_folder) + '</code></p>';
+          content += '<p><strong>Local folder:</strong> <code>' + escape(task.local_folder) + '</code></p>';
         }
         if (task.failure_reason) {
-          content += '<p><strong>Failure reason:</strong> <span class="text-danger">' + this.escapeHtml(task.failure_reason) + '</span></p>';
+          content += '<p><strong>Failure reason:</strong> <span class="text-danger">' + escape(task.failure_reason) + '</span></p>';
         }
         content += '</div>';
         content += '</div>';
@@ -1455,7 +1456,7 @@ class PublisherModule {
         if (task.announcement) {
           content += '<div class="card mb-4"><div class="card-body">';
           content += '<h5>Announcement</h5>';
-          content += '<pre class="mb-0" style="white-space: pre-wrap;">' + this.escapeHtml(task.announcement) + '</pre>';
+          content += '<pre class="mb-0" style="white-space: pre-wrap;">' + escape(task.announcement) + '</pre>';
           content += '</div></div>';
         }
 
@@ -1464,7 +1465,7 @@ class PublisherModule {
 
         // Status transition timestamps from the task record
         if (task.queued_at) {
-          events.push({ timestamp: task.queued_at, type: 'status', icon: '📋', label: 'Task queued', detail: 'Created by ' + this.escapeHtml(task.user_name), css: '' });
+          events.push({ timestamp: task.queued_at, type: 'status', icon: '📋', label: 'Task queued', detail: 'Created by ' + escape(task.user_name), css: '' });
         }
         if (task.building_at) {
           events.push({ timestamp: task.building_at, type: 'status', icon: '🔨', label: 'Draft build started', detail: '', css: '' });
@@ -1473,14 +1474,14 @@ class PublisherModule {
           events.push({ timestamp: task.waiting_approval_at, type: 'status', icon: '⏳', label: 'Waiting for approval', detail: 'Draft build completed', css: '' });
         }
         if (task.publishing_at) {
-          const approver = task.approved_by_name ? 'Approved by ' + this.escapeHtml(task.approved_by_name) : '';
+          const approver = task.approved_by_name ? 'Approved by ' + escape(task.approved_by_name) : '';
           events.push({ timestamp: task.publishing_at, type: 'status', icon: '🚀', label: 'Publishing started', detail: approver, css: '' });
         }
         if (task.completed_at) {
           events.push({ timestamp: task.completed_at, type: 'status', icon: '✅', label: 'Completed', detail: '', css: 'text-success' });
         }
         if (task.failed_at) {
-          events.push({ timestamp: task.failed_at, type: 'status', icon: '❌', label: 'Failed', detail: task.failure_reason ? this.escapeHtml(task.failure_reason) : '', css: 'text-danger' });
+          events.push({ timestamp: task.failed_at, type: 'status', icon: '❌', label: 'Failed', detail: task.failure_reason ? escape(task.failure_reason) : '', css: 'text-danger' });
         }
 
         // Task log entries
@@ -1489,7 +1490,7 @@ class PublisherModule {
             timestamp: log.timestamp,
             type: 'log',
             icon: log.level === 'error' ? '🔴' : log.level === 'warn' ? '🟡' : '🔵',
-            label: this.escapeHtml(log.message),
+            label: escape(log.message),
             detail: '',
             css: log.level === 'error' ? 'text-danger' : log.level === 'warn' ? 'text-warning' : 'text-muted'
           });
@@ -1497,8 +1498,8 @@ class PublisherModule {
 
         // User actions
         for (const action of actions) {
-          const who = action.user_name ? this.escapeHtml(action.user_name) + ' (' + this.escapeHtml(action.user_login) + ')' : 'Unknown';
-          const ip = action.ip_address ? ' from ' + this.escapeHtml(action.ip_address) : '';
+          const who = action.user_name ? escape(action.user_name) + ' (' + escape(action.user_login) + ')' : 'Unknown';
+          const ip = action.ip_address ? ' from ' + escape(action.ip_address) : '';
           let actionLabel = action.action;
           if (action.action === 'create_task') actionLabel = 'Created task';
           else if (action.action === 'approve_task') actionLabel = 'Approved task';
@@ -1580,15 +1581,6 @@ class PublisherModule {
     }
   }
 
-  escapeHtml(text) {
-    return text
-      .replace(/&/g, '&amp;')
-      .replace(/</g, '&lt;')
-      .replace(/>/g, '&gt;')
-      .replace(/"/g, '&quot;')
-      .replace(/'/g, '&#039;');
-  }
-
   async renderWebsites(req, res) {
     const start = Date.now();
     try {

package/registry/api.js

@@ -1,6 +1,7 @@
 // Enhanced registry-api.js with resolver and HTML rendering functions
 
 const { ServerRegistryUtilities } = require('./model');
+const escape = require('escape-html');
 
 class RegistryAPI {
   constructor(crawler) {
@@ -631,19 +632,19 @@ class RegistryAPI {
       html += '<tr>\n';
       
       if (!regCode) {
-        html += `<td><a href="${path}&registry=${row['registry-code']}">${this._escapeHtml(row['registry-name'])}</a></td>\n`;
+        html += `<td><a href="${path}&registry=${row['registry-code']}">${escape(row['registry-name'])}</a></td>\n`;
       }
       if (!serverCode) {
-        html += `<td><a href="${path}&server=${row['server-code']}">${this._escapeHtml(row['server-name'])}</a></td>\n`;
+        html += `<td><a href="${path}&server=${row['server-code']}">${escape(row['server-name'])}</a></td>\n`;
       }
       if (!versionCode) {
         html += `<td><a href="${path}&fhirVersion=${row.fhirVersion}">${row.fhirVersion}</a></td>\n`;
       }
       
-      html += `<td><a href="${this._escapeHtml(row.url)}">${this._escapeHtml(row.url)}</a></td>\n`;
+      html += `<td><a href="${escape(row.url)}">${escape(row.url)}</a></td>\n`;
       
       if (row.error) {
-        html += `<td><span style="color: maroon">Error: ${this._escapeHtml(row.error)}</span> Last OK ${this._formatDuration(row['last-success'])} ago</td>\n`;
+        html += `<td><span style="color: maroon">Error: ${escape(row.error)}</span> Last OK ${this._formatDuration(row['last-success'])} ago</td>\n`;
       } else {
         html += `<td>Last OK ${this._formatDuration(row['last-success'])} ago</td>\n`;
       }
@@ -673,20 +674,20 @@ class RegistryAPI {
     const data = this.crawler.getData();
     let html = '<table class="grid">';
     
-    html += `<tr><td width="130px"><img src="/assets/images/tx-registry-root.gif">&nbsp;Registries</td><td>${data.address} (${this._escapeHtml(data.outcome)})</td></tr>`;
+    html += `<tr><td width="130px"><img src="/assets/images/tx-registry-root.gif">&nbsp;Registries</td><td>${data.address} (${escape(data.outcome)})</td></tr>`;
     
     data.registries.forEach(registry => {
       if (registry.error) {
-        html += `<tr><td title="${this._escapeHtml(registry.name)}">&nbsp;<img src="/assets/images/tx-registry.png">&nbsp;${registry.code}</td><td><a href="${this._escapeHtml(registry.address)}">${this._escapeHtml(registry.address)}</a>. Error: ${this._escapeHtml(registry.error)}</td></tr>`;
+        html += `<tr><td title="${escape(registry.name)}">&nbsp;<img src="/assets/images/tx-registry.png">&nbsp;${registry.code}</td><td><a href="${escape(registry.address)}">${escape(registry.address)}</a>. Error: ${escape(registry.error)}</td></tr>`;
       } else {
-        html += `<tr><td title="${this._escapeHtml(registry.name)}">&nbsp;&nbsp;<img src="/assets/images/tx-registry.png">&nbsp;${registry.code}</td><td><a href="${this._escapeHtml(registry.address)}">${this._escapeHtml(registry.address)}</a></td></tr>`;
+        html += `<tr><td title="${escape(registry.name)}">&nbsp;&nbsp;<img src="/assets/images/tx-registry.png">&nbsp;${registry.code}</td><td><a href="${escape(registry.address)}">${escape(registry.address)}</a></td></tr>`;
       }
       
       registry.servers.forEach(server => {
         if (server.authCSList.length > 0 || server.authVSList.length > 0 || server.usageList.length > 0) {
-          html += `<tr><td title="${this._escapeHtml(server.name)}">&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-server.png">&nbsp;${server.code}</td><td><a href="${this._escapeHtml(server.address)}">${this._escapeHtml(server.address)}</a>. ${server.description}</td></tr>`;
+          html += `<tr><td title="${escape(server.name)}">&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-server.png">&nbsp;${server.code}</td><td><a href="${escape(server.address)}">${escape(server.address)}</a>. ${server.description}</td></tr>`;
         } else {
-          html += `<tr><td title="${this._escapeHtml(server.name)}">&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-server.png">&nbsp;${server.code}</td><td><a href="${this._escapeHtml(server.address)}">${this._escapeHtml(server.address)}</a></td></tr>`;
+          html += `<tr><td title="${escape(server.name)}">&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-server.png">&nbsp;${server.code}</td><td><a href="${escape(server.address)}">${escape(server.address)}</a></td></tr>`;
         }
         
         server.versions.forEach(version => {
@@ -694,7 +695,7 @@ class RegistryAPI {
           const versionParts = version.version.split('.');
           const majorMinor = versionParts.slice(0, 2).join('.');
           
-          html += `<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-version.png">&nbsp;v${majorMinor}</td><td><a href="${this._escapeHtml(version.address)}">${this._escapeHtml(version.address)}</a>. Status: ${this._escapeHtml(version.details)}. ${version.codeSystems.length} CodeSystems, ${version.valueSets.length} ValueSets</td></tr>`;
+          html += `<tr><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<img src="/assets/images/tx-version.png">&nbsp;v${majorMinor}</td><td><a href="${escape(version.address)}">${escape(version.address)}</a>. Status: ${escape(version.details)}. ${version.codeSystems.length} CodeSystems, ${version.valueSets.length} ValueSets</td></tr>`;
         });
       });
     });