The AMP web component framework.
Installations
npm install amphtml-validatorDeveloper Guide
Typescript
No
Module System
N/A
Node Version
20.11.0
NPM Version
10.3.0
Score
95.6
Supply Chain
99.5
Quality
78.2
Maintenance
100
Vulnerability
100
License
Releases
2501101900000
Published on 14 Jan 2025
2410292120000
Published on 05 Nov 2024
2410250306000
Published on 29 Oct 2024
2410161801000
Published on 22 Oct 2024
2410081535000
Published on 15 Oct 2024
2410031633000
Published on 08 Oct 2024
Contributors
Languages
JavaScript (79.92%)
HTML (9.11%)
C++ (7.54%)
CSS (2.22%)
TypeScript (0.55%)
Python (0.28%)
Starlark (0.15%)
Yacc (0.12%)
Shell (0.08%)
Go (0.03%)
Developer
Download Statistics
Total Downloads
29,202,250
Last Day
1,571
Last Week
10,452
Last Month
95,957
Last Year
1,681,786
GitHub Statistics
14,895 Stars
22,542 Commits
3,894 Forks
632 Watching
166 Branches
1,175 Contributors
Bundle Size
54.26 kB
Minified
17.27 kB
Minified + Gzipped
Maintainers
Package Meta Information
Latest Version
1.0.38
Package Id
amphtml-validator@1.0.38
Unpacked Size
30.75 kB
Size
8.61 kB
File Count
5
NPM Version
10.3.0
Node Version
20.11.0
Publised On
02 Apr 2024
Total Downloads
Cumulative downloads
Total Downloads
29,202,250
Last day
-19.5%
1,571
Compared to previous day
Last week
-50.1%
10,452
Compared to previous week
Last month
-20.2%
95,957
Compared to previous month
Last year
-34.6%
1,681,786
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
amphtml-validator Node.js Package
This package is published and available at https://www.npmjs.com/package/amphtml-validator.
The source code is available at https://github.com/ampproject/amphtml/tree/main/validator/js/nodejs.
Command Line Tool
The amphtml-validator command line tool is documented here:
https://amp.dev/documentation/guides-and-tutorials/learn/validation-workflow/validate_amp#command-line-tool
Node.js API
This API is new - feedback is especially welcome.
To install, use npm install amphtml-validator in your project directory,
or add amphtml-validator as a dependency to your package.json.
You may save the following example into a file, e.g., demo.js.
1'use strict'; 2var amphtmlValidator = require('amphtml-validator'); 3 4amphtmlValidator.getInstance().then(function (validator) { 5 var result = validator.validateString('<html>Hello, world.</html>'); 6 (result.status === 'PASS' ? console.log : console.error)(result.status); 7 for (var ii = 0; ii < result.errors.length; ii++) { 8 var error = result.errors[ii]; 9 var msg = 10 'line ' + error.line + ', col ' + error.col + ': ' + error.message; 11 if (error.specUrl !== null) { 12 msg += ' (see ' + error.specUrl + ')'; 13 } 14 (error.severity === 'ERROR' ? console.error : console.warn)(msg); 15 } 16});
Now try running it:
1$ node demo.js 2FAIL 3line 1, col 0: The mandatory attribute 'âš¡' is missing in tag 'html âš¡ for top-level html'. (see https://amp.dev/documentation/guides-and-tutorials/learn/spec/amphtml#required-markup) 4line 1, col 0: The parent tag of tag 'html âš¡ for top-level html' is '$root', but it can only be '!doctype'. (see https://amp.dev/documentation/guides-and-tutorials/learn/spec/amphtml.html#required-markup) 5...
As expected, this emits errors because the provided string in the example, <html>Hello, world.</html> is not a valid AMP HTML document.
The method validateString also takes a htmlFormat parameter which
would allow applying the validator rules for AMP4ADS or AMP4EMAIL as well. `validateString(inputString, htmlFormat).
1/** 2 * Validates the provided inputString; the htmlFormat can be 'AMP' or 3 * 'AMP4ADS'; it defaults to 'AMP' if not specified. 4 * @param {string} inputString 5 * @param {string=} htmlFormat 6 * @return {!ValidationResult} 7 * @export 8 */
Release Notes
1.0.35
- Set default engine to the WebAssembly version validator, which is
https://cdn.ampproject.org/v0/validator_wasm.js. ampproject/amphtml #34213
1.0.34
- Updated
colorsdependency version (ampproject/amphtml #31656).
1.0.33
- Update repository location.
1.0.32
- Removal of AMP Actions format as it is deprecated.
1.0.31
- Fix Node API on Node > 12
1.0.30
- Remove engine section from package.json to allow any version of nodejs.
1.0.29
- Reintroduce node v8 support. Supports node v8, v10, v12 and v14.
1.0.28
- Reintroduce node v10 support and introduce node v14 support.
1.0.27
- Removed references to amp.validator.categorizeError.
1.0.26
- Introduce node v12 support and remove node v10 support.
1.0.25
- Broken release, removed.
1.0.24
- Introduce node v10 support and remove node 8 support.
1.0.23
- The amphtml-validator binary now requires the Node.js binary to be called node. On systems where the Node.js binary is called nodejs, consider installing the nodejs-legacy Debian package or better yet, NVM.
1.0.22
- --html_format=AMP4EMAIL added.
1.0.21
- --html_format=AMP4ADS is no longer experimental.
1.0.20
- Better npm post-install for virtual machines, running debian over windows with SMB shared folder.
1.0.19
- Set correct process exit status for old versions of Node.js (v0.10.25).
1.0.18
- Small tweaks to this file and package.json.
1.0.17
- If the amphtml-validator command is already patched up for Windows, leave it alone instead of failing. Relevant if the package has been installed globally and now we're performing a local install on top of it.
1.0.16
npm install amphtml-validator(local install) should now work on Windows, forrequire('amphtml-validator').
1.0.15
- Added support for installing on Windows.
npm install -g amphtml-validatorshould now just work.
1.0.13
- Added newInstance method, a simple API that's not async.
1.0.12
- Added support for --user-agent option.
1.0.11
- Added support for AMP4ADS (via --html_format command line flag) and argument for validateString function in the API.
1.0.10
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Reason
all changesets reviewed
Reason
project has 17 contributing companies or organizations
Details
- Info: fastpack contributor org/company found, ampproject contributor org/company found, google contributor org/company found, babel contributor org/company found, Brawker contributor org/company found, palestine-web-summit contributor org/company found, carbon-tools contributor org/company found, human-tools contributor org/company found, googlers contributor org/company found, vercel contributor org/company found, vanadium contributor org/company found, perpay contributor org/company found, manshar contributor org/company found, mend contributor org/company found, jsconf contributor org/company found, tc39 contributor org/company found, linkedin contributor org/company found,
Reason
no dangerous workflow patterns detected
Reason
update tool detected
Details
- Info: detected update tool: RenovateBot: .renovaterc.json:1
Reason
project is fuzzed
Details
- Info: OSSFuzz integration found
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0
Reason
25 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
GitHub workflow tokens follow principle of least privilege
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:20
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cross-platform-builds.yml:41
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/cut-nightly.yml:52
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/release-tagger.yml:53
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/status-page.yml:49
- Info: topLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/cross-platform-builds.yml:9
- Info: topLevel 'contents' permission set to 'read': .github/workflows/cut-nightly.yml:12
- Info: topLevel 'contents' permission set to 'read': .github/workflows/dependency-review.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/release-tagger.yml:21
- Info: topLevel permissions set to 'read-all': .github/workflows/scorecard.yml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/status-page.yml:8
- Info: topLevel 'contents' permission set to 'read': .github/workflows/update-session-issues.yml:13
- Info: no jobLevel write permissions found
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'allow deletion' disabled on branch 'main'
- Info: 'force pushes' disabled on branch 'main'
- Warn: required approving review count is 1 on branch 'main'
- Warn: codeowners review is not required on branch 'main'
- Info: status check found to merge onto on branch 'main'
- Info: PRs are required in order to make changes on branch 'main'
Reason
dependency not pinned by hash detected -- score normalized to 8
Details
- Warn: pipCommand not pinned by hash: .circleci/install_validator_dependencies.sh:19
- Warn: npmCommand not pinned by hash: third_party/inputmask/build.sh:2
- Warn: npmCommand not pinned by hash: third_party/react-dates/build.sh:2
- Warn: npmCommand not pinned by hash: third_party/react-dates/debug.sh:2
- Info: 21 out of 21 GitHub-owned GitHubAction dependencies pinned
- Info: 17 out of 17 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 pipCommand dependencies pinned
- Info: 4 out of 7 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
37 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-4vvj-4cpr-p986
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-pp7h-53gx-mx7r
- Warn: Project is vulnerable to: GHSA-qwcr-r2fm-qrc7
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-pxg6-pf52-xh8x
- Warn: Project is vulnerable to: GHSA-9vvw-cc9w-f27h
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-gx9m-whjm-85jf
- Warn: Project is vulnerable to: GHSA-mmhx-hmjr-r674
- Warn: Project is vulnerable to: GHSA-74fj-2j2h-c42q
- Warn: Project is vulnerable to: GHSA-pw2r-vq6v-hr8c
- Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc
- Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp
- Warn: Project is vulnerable to: GHSA-pfq8-rq6v-vf5m
- Warn: Project is vulnerable to: GHSA-jf85-cpcp-j695
- Warn: Project is vulnerable to: GHSA-fvqr-27wr-82fm
- Warn: Project is vulnerable to: GHSA-4xc9-xhrj-v574
- Warn: Project is vulnerable to: GHSA-x5rq-j2xg-h7qm
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-hxm2-r34f-qmc5
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-w9mr-4mfr-499f
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-rhx6-c78j-4q9w
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
- Warn: Project is vulnerable to: GHSA-gqgv-6jq5-jjj9
- Warn: Project is vulnerable to: GHSA-hrpp-h998-j3pp
- Warn: Project is vulnerable to: GHSA-c2qf-rxjj-qqgw
- Warn: Project is vulnerable to: GHSA-m6fv-jmcg-4jfg
- Warn: Project is vulnerable to: GHSA-fhg7-m89q-25r3
- Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q
- Warn: Project is vulnerable to: GHSA-j8xg-fqg3-53r7
Score
8.6
/10
Last Scanned on 2025-01-14T21:49:04Z
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to amphtml-validator
@types/amphtml-validator
TypeScript definitions for amphtml-validator
amphtml-validator-extra
Enhanced package of amphtml-validator.
gulp-amphtml-validator
Gulp plugin for the official AMP HTML validator (www.ampproject.org)
amphtml-validator-rules
Get all the rules that the `amphtml-validator` uses.