npmpackage.info

Gathering detailed insights and metrics for @xmldom/xmldom

Other packages similar to @xmldom/xmldom

xmldom-format

2.0.0

format xml using @xmldom/xmldom

xmldom-qsa

1.1.3

Based on @xmldom/xmldom with some minor enhancements. Add querySelector, querySelectorAll and match method to Document and Element.

xmldom

0.6.0

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.

xmldom-sre

0.9.0-beta.7

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.

Gathering detailed insights and metrics for @xmldom/xmldom

@xmldom/xmldom

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module.

0.9.5

364

MIT

HTML

804,435,315 7.8

Installations

npm install @xmldom/xmldom

Pull Requests

Open

2

Total

611

Closed

75

Merged

534

Issues

Open

23

Total

166

Closed

143

Releases

0.9.5

Published on 26 Oct 2024

0.9.4

Published on 13 Oct 2024

0.9.3

Published on 21 Sept 2024

0.9.2

Published on 05 Sept 2024

0.9.1

Published on 05 Sept 2024

0.9.0

Published on 29 Aug 2024

View all 47 releases

Developer

xmldom

Developer Guide

BETA

Module System

CommonJS

Min. Node Version

>=14.6

Typescript Support

Yes

Node Version

18.20.4

NPM Version

10.7.0 Statistics

364 Stars

816 Commits

88 Forks

8 Watching

7 Branches

56 Contributors

Updated on 26 Nov 2024

Languages

HTML (55.99%)

JavaScript (43.89%)

Handlebars (0.07%)

Shell (0.04%)

Total Downloads

Cumulative downloads

Total Downloads

804,435,315

Last day

-8.1%

1,649,548

Compared to previous day

Last week

1.2%

8,802,960

Compared to previous week

Last month

11.4%

37,134,804

Compared to previous month

Last year

31.2%

374,380,859

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

np jest rxjs yauzl eslint nodemon xmltest prettier get-stream auto-changelog @jazzer.js/core eslint-plugin-n eslint-plugin-es5 @jazzer.js/jest-runner eslint-config-prettier eslint-plugin-prettier @homer0/prettier-plugin-jsdoc eslint-plugin-anti-trojan-source

Versions

@xmldom/xmldom

Since version 0.7.0 this package is published to npm as @xmldom/xmldom and no longer as xmldom, because we are no longer able to publish xmldom.
For better readability in the docs, we will continue to talk about this library as "xmldom".

xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes:

convert an XML string into a DOM tree

new DOMParser().parseFromString(xml, mimeType) => Document

create, access and modify a DOM tree

new DOMImplementation().createDocument(...) => Document

serialize a DOM tree back into an XML string

new XMLSerializer().serializeToString(node) => string

The target runtimes xmldom supports are currently Node >= v14.6 (and very likely any other ES5 compatible runtime).

When deciding how to fix bugs or implement features, xmldom tries to stay as close as possible to the various related specifications/standards.
As indicated by the version starting with 0., this implementation is not feature complete and some implemented features differ from what the specifications describe.
Issues and PRs for such differences are always welcome, even when they only provide a failing test case.

This project was forked from it's original source in 2019, more details about that transition can be found in the CHANGELOG.

Usage

Install:

npm install @xmldom/xmldom

Example:

In NodeJS

1const { DOMParser, XMLSerializer } = require('@xmldom/xmldom')
2
3const source = `<xml xmlns="a">
4	<child>test</child>
5	<child/>
6</xml>`
7
8const doc = new DOMParser().parseFromString(source, 'text/xml')
9
10const serialized = new XMLSerializer().serializeToString(doc)

Note: in Typescript ~~and ES6~~ (see #316) you can use the import approach, as follows:

1import { DOMParser } from '@xmldom/xmldom'

API Reference

DOMParser:

1parseFromString(xmlsource, mimeType)

options extension by xmldom (not DOM standard!!)

1// the options argument can be used to modify behavior
2// for more details check the documentation on the code or type definition  
3new DOMParser(options)

XMLSerializer
```
1serializeToString(node)
```

DOM level2 method and attribute:

Node

readonly class properties (aka NodeType),
these can be accessed from any Node instance node:
if (node.nodeType === node.ELEMENT_NODE) {...
1. ELEMENT_NODE (1)
2. ATTRIBUTE_NODE (2)
3. TEXT_NODE (3)
4. CDATA_SECTION_NODE (4)
5. ENTITY_REFERENCE_NODE (5)
6. ENTITY_NODE (6)
7. PROCESSING_INSTRUCTION_NODE (7)
8. COMMENT_NODE (8)
9. DOCUMENT_NODE (9)
10. DOCUMENT_TYPE_NODE (10)
11. DOCUMENT_FRAGMENT_NODE (11)
12. NOTATION_NODE (12)
attribute:
- nodeValue | prefix | textContent
readonly attribute:
- nodeName | nodeType | parentNode | parentElement | childNodes | firstChild | lastChild | previousSibling | nextSibling | attributes | ownerDocument | namespaceURI | localName | isConnected | baseURI
method:
- insertBefore(newChild, refChild)
- replaceChild(newChild, oldChild)
- removeChild(oldChild)
- appendChild(newChild)
- hasChildNodes()
- cloneNode(deep)
- normalize()
- contains(otherNode)
- getRootNode()
- isEqualNode(otherNode)
- isSameNode(otherNode)
- isSupported(feature, version)
- hasAttributes()
DOMException

extends the Error type thrown as part of DOM API.

readonly class properties:
- INDEX_SIZE_ERR (1)
- DOMSTRING_SIZE_ERR (2)
- HIERARCHY_REQUEST_ERR (3)
- WRONG_DOCUMENT_ERR (4)
- INVALID_CHARACTER_ERR (5)
- NO_DATA_ALLOWED_ERR (6)
- NO_MODIFICATION_ALLOWED_ERR (7)
- NOT_FOUND_ERR (8)
- NOT_SUPPORTED_ERR (9)
- INUSE_ATTRIBUTE_ERR (10)
- INVALID_STATE_ERR (11)
- SYNTAX_ERR (12)
- INVALID_MODIFICATION_ERR (13)
- NAMESPACE_ERR (14)
- INVALID_ACCESS_ERR (15)
attributes:
- code with a value matching one of the above constants.
DOMImplementation

method:
- hasFeature(feature, version) (deprecated)
- createDocumentType(qualifiedName, publicId, systemId)
- createDocument(namespaceURI, qualifiedName, doctype)
Document : Node

readonly attribute:
- doctype | implementation | documentElement
method:
- createElement(tagName)
- createDocumentFragment()
- createTextNode(data)
- createComment(data)
- createCDATASection(data)
- createProcessingInstruction(target, data)
- createAttribute(name)
- createEntityReference(name)
- getElementsByTagName(tagname)
- importNode(importedNode, deep)
- createElementNS(namespaceURI, qualifiedName)
- createAttributeNS(namespaceURI, qualifiedName)
- getElementsByTagNameNS(namespaceURI, localName)
- getElementById(elementId)
DocumentFragment : Node
Element : Node

readonly attribute:
- tagName
method:
- getAttribute(name)
- setAttribute(name, value)
- removeAttribute(name)
- getAttributeNode(name)
- setAttributeNode(newAttr)
- removeAttributeNode(oldAttr)
- getElementsByTagName(name)
- getAttributeNS(namespaceURI, localName)
- setAttributeNS(namespaceURI, qualifiedName, value)
- removeAttributeNS(namespaceURI, localName)
- getAttributeNodeNS(namespaceURI, localName)
- setAttributeNodeNS(newAttr)
- getElementsByTagNameNS(namespaceURI, localName)
- hasAttribute(name)
- hasAttributeNS(namespaceURI, localName)
Attr : Node

attribute:
- value
readonly attribute:
- name | specified | ownerElement
NodeList

readonly attribute:
- length
method:
- item(index)
NamedNodeMap

readonly attribute:
- length
method:
- getNamedItem(name)
- setNamedItem(arg)
- removeNamedItem(name)
- item(index)
- getNamedItemNS(namespaceURI, localName)
- setNamedItemNS(arg)
- removeNamedItemNS(namespaceURI, localName)
CharacterData : Node

method:
- substringData(offset, count)
- appendData(arg)
- insertData(offset, arg)
- deleteData(offset, count)
- replaceData(offset, count, arg)
Text : CharacterData

method:
- splitText(offset)
CDATASection
Comment : CharacterData
DocumentType

readonly attribute:
- name | entities | notations | publicId | systemId | internalSubset
Notation : Node

readonly attribute:
- publicId | systemId
Entity : Node

readonly attribute:
- publicId | systemId | notationName
EntityReference : Node
ProcessingInstruction : Node

attribute:
- data readonly attribute:
- target

DOM level 3 support:

Node

attribute:
- textContent
method:
- isDefaultNamespace(namespaceURI)
- lookupNamespaceURI(prefix)

DOM extension by xmldom

[Node] Source position extension;

attribute:
- lineNumber //number starting from 1
- columnNumber //number starting from 1

Specs

The implementation is based on several specifications:

DOM Parsing and Serialization

From the W3C DOM Parsing and Serialization (WD 2016) xmldom provides an implementation for the interfaces:

DOMParser
XMLSerializer

Note that there are some known deviations between this implementation and the W3 specifications.

Note: The latest version of this spec has the status "Editors Draft", since it is under active development. One major change is that the definition of the DOMParser interface has been moved to the HTML spec

DOM

The original author claims that xmldom implements [DOM Level 2] in a "fully compatible" way and some parts of [DOM Level 3], but there are not enough tests to prove this. Both Specifications are now superseded by the [DOM Level 4 aka Living standard] wich has a much broader scope than xmldom. In the past, there have been multiple (even breaking) changes to align xmldom with the living standard, so if you find a difference that is not documented, any contribution to resolve the difference is very welcome (even just reporting it as an issue).

xmldom implements the following interfaces:

Attr
CDATASection
CharacterData
Comment
Document
DocumentFragment
DocumentType
DOMException
DOMImplementation
Element
Entity
EntityReference
LiveNodeList
NamedNodeMap
Node
NodeList
Notation
ProcessingInstruction
Text

more details are available in the (incomplete) API Reference section.

HTML

xmldom does not have any goal of supporting the full spec, but it has some capability to parse, report and serialize things differently when it is told to parse HTML (by passing the HTML namespace).

SAX, XML, XMLNS

xmldom has an own SAX parser implementation to do the actual parsing, which implements some interfaces in alignment with the Java interfaces SAX defines:

XMLReader
DOMHandler

There is an idea/proposal to make it possible to replace it with something else in https://github.com/xmldom/xmldom/issues/55

Stable Version

The latest stable version of the package.

Stable Version

0.9.5

CRITICAL

9.8/10

Summary

xmldom allows multiple root nodes in a DOM

Affected Versions

>= 0.9.0-beta.1, < 0.9.0-beta.4

Patched Versions

0.9.0-beta.4

CRITICAL

9.8/10

Summary

xmldom allows multiple root nodes in a DOM

Affected Versions

>= 0.8.0, < 0.8.4

Patched Versions

0.8.4

CRITICAL

9.8/10

Summary

xmldom allows multiple root nodes in a DOM

Affected Versions

< 0.7.7

Patched Versions

0.7.7

CRITICAL

9.8/10

Summary

Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

Affected Versions

< 0.7.6

Patched Versions

0.7.6

CRITICAL

9.8/10

Summary

Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

Affected Versions

>= 0.8.0, < 0.8.3

Patched Versions

0.8.3

CRITICAL

9.8/10

Summary

Withdrawn: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in @xmldom/xmldom and xmldom

Affected Versions

= 0.9.0-beta.1

Patched Versions

0.9.0-beta.2

MODERATE

6.5/10

Summary

Misinterpretation of malicious XML input

Affected Versions

< 0.7.0

Patched Versions

0.7.0

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

CI-Tests

Determines if the project runs tests before pull requests are merged.

10

Contributors

Determines if the project has a set of contributors from multiple organizations (e.g., companies).

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Dependency-Update-Tool

Determines if the project uses a dependency update tool.

10

Fuzzing

Determines if the project uses fuzzing.

10

License

Determines if the project has defined a license.

10

Maintained

Determines if the project is "actively maintained".

10

Security-Policy

Determines if the project has published a security policy.

10

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

9

SAST

Determines if the project uses static code analysis.

7

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

5

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

5

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Signed-Releases

Determines if the project cryptographically signs release artifacts.

Score

7.8

/10

Last Scanned on 2024-11-26T04:22:51Z

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More