Skip to content

htmlencode dependency triggers Node.js DEP0060 deprecation warning (util._extend) #84

New issue
New issue
Open
Open
htmlencode dependency triggers Node.js DEP0060 deprecation warning (util._extend)#84
Labels
bugSomething isn't working
@joshdutcher

Description

@joshdutcher
joshdutcher
opened on Feb 9, 2026

Describe the bug

The htmlencode package (v0.0.4), listed as a direct dependency of matrix-bot-sdk, uses the deprecated util._extend API in its index.js:

var extend = require('util')._extend;

Starting with Node.js v22, this emits a DEP0060 deprecation warning on every startup. Because htmlencode calls require('util')._extend at module load time, the warning fires as soon as the module is imported — before any consuming application has a chance to install a process.on("warning") filter.

htmlencode has not been updated since 2013 and appears to be unmaintained. The fix in htmlencode itself would be trivial (replace require('util')._extend with Object.assign, which is a drop-in replacement for this use case), but given the package is abandoned, the more realistic fix is to remove or replace the dependency in matrix-bot-sdk.

htmlencode is used in the codebase for HTML entity encoding/decoding. Lighter, maintained alternatives exist (e.g. he, html-entities, or even a small inline utility), or the few functions used could be inlined directly.

To Reproduce

  1. Install matrix-bot-sdk in a project
  2. Run any script that imports or requires matrix-bot-sdk on Node.js v22+
  3. Observe the deprecation warning printed to stderr

Expected behavior

No deprecation warnings should be emitted during normal startup.

Log snippet

(node:564430) [DEP0060] DeprecationWarning: The `util._extend` API is deprecated. Please use Object.assign() instead.
(Use `node --trace-deprecation ...` to show where the warning was created)

Additional context

  • The warning originates from node_modules/htmlencode/index.js:8
  • util._extend has been deprecated since Node.js v6 and emits a runtime warning since v22
  • htmlencode uses util._extend exactly once, to copy methods onto Encoder.prototypeObject.assign is a direct substitute
  • Downstream projects (e.g. OpenClaw's matrix extension) are affected and have had to add warning-filter workarounds that don't fully work due to module load ordering

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions