Gathering detailed insights and metrics for cheerio
Gathering detailed insights and metrics for cheerio
The fast, flexible, and elegant library for parsing and manipulating HTML and XML.
Installations
npm install cheerioDeveloper Guide
BETA
Typescript
Yes
Module System
ESM, UMD
Min. Node Version
>=18.17
Node Version
24.1.0
NPM Version
11.3.0
Score
97.2
Supply Chain
98.6
Quality
82.2
Maintenance
100
Vulnerability
100
License
Releases
59
Languages
5
TypeScript
HTML
JavaScript
CSS
MDX
TypeScript (73.79%)
HTML (23.37%)
JavaScript (2.32%)
CSS (0.42%)
MDX (0.09%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
29,625 Stars
3,741 Commits
1,671 Forks
357 Watchers
5 Branches
139 Contributors
Updated on Jul 14, 2025
Sponsor this package
Maintainers
2
Package Meta Information
Latest Version
1.1.0
Package Id
cheerio@1.1.0
Unpacked Size
1.21 MB
Size
147.21 kB
File Count
243
NPM Version
11.3.0
Node Version
24.1.0
Published on
Jun 08, 2025
Total Downloads
Cumulative downloads
Total Downloads
NaN
Dependencies
11
Dev Dependencies
27
@eslint/compat@eslint/js@imgix/js-core@octokit/graphql@types/jsdom@types/node@types/whatwg-mimetype@vitest/coverage-v8@vitest/eslint-plugineslinteslint-config-prettiereslint-plugin-jsdoceslint-plugin-neslint-plugin-unicornglobalshuskyjqueryjsdomlint-stagedprettierprettier-plugin-jsdoctinybenchtshytsxtypescripttypescript-eslintvitest
cheerio
The fast, flexible, and elegant library for parsing and manipulating HTML and XML.
1import * as cheerio from 'cheerio'; 2const $ = cheerio.load('<h2 class="title">Hello world</h2>'); 3 4$('h2.title').text('Hello there!'); 5$('h2').addClass('welcome'); 6 7$.html(); 8//=> <html><head></head><body><h2 class="title welcome">Hello there!</h2></body></html>
Installation
Install Cheerio using a package manager like npm, yarn, or bun.
1npm install cheerio 2# or 3bun add cheerio
Features
❤ Proven syntax: Cheerio implements a subset of core jQuery. Cheerio removes all the DOM inconsistencies and browser cruft from the jQuery library, revealing its truly gorgeous API.
ϟ Blazingly fast: Cheerio works with a very simple, consistent DOM model. As a result parsing, manipulating, and rendering are incredibly efficient.
❁ Incredibly flexible: Cheerio wraps around parse5 for parsing HTML and can optionally use the forgiving htmlparser2. Cheerio can parse nearly any HTML or XML document. Cheerio works in both browser and server environments.
API
Loading
First you need to load in the HTML. This step in jQuery is implicit, since jQuery operates on the one, baked-in DOM. With Cheerio, we need to pass in the HTML document.
1// ESM or TypeScript: 2import * as cheerio from 'cheerio'; 3 4// In other environments: 5const cheerio = require('cheerio'); 6 7const $ = cheerio.load('<ul id="fruits">...</ul>'); 8 9$.html(); 10//=> <html><head></head><body><ul id="fruits">...</ul></body></html>
Selectors
Once you've loaded the HTML, you can use jQuery-style selectors to find elements within the document.
$( selector, [context], [root] )
selector searches within the context scope which searches within the root
scope. selector and context can be a string expression, DOM Element, array
of DOM elements, or cheerio object. root, if provided, is typically the HTML
document string.
This selector method is the starting point for traversing and manipulating the document. Like in jQuery, it's the primary method for selecting elements in the document.
1$('.apple', '#fruits').text(); 2//=> Apple 3 4$('ul .pear').attr('class'); 5//=> pear 6 7$('li[class=orange]').html(); 8//=> Orange
Rendering
When you're ready to render the document, you can call the html method on the
"root" selection:
1$.root().html(); 2//=> <html> 3// <head></head> 4// <body> 5// <ul id="fruits"> 6// <li class="apple">Apple</li> 7// <li class="orange">Orange</li> 8// <li class="pear">Pear</li> 9// </ul> 10// </body> 11// </html>
If you want to render the
outerHTML
of a selection, you can use the outerHTML prop:
1$('.pear').prop('outerHTML'); 2//=> <li class="pear">Pear</li>
You may also render the text content of a Cheerio object using the text
method:
1const $ = cheerio.load('This is <em>content</em>.'); 2$('body').text(); 3//=> This is content.
The "DOM Node" object
Cheerio collections are made up of objects that bear some resemblance to browser-based DOM nodes. You can expect them to define the following properties:
tagNameparentNodepreviousSiblingnextSiblingnodeValuefirstChildchildNodeslastChild
Screencasts
This video tutorial is a follow-up to Nettut's "How to Scrape Web Pages with Node.js and jQuery", using cheerio instead of JSDOM + jQuery. This video shows how easy it is to use cheerio and how much faster cheerio is than JSDOM + jQuery.
Cheerio in the real world
Are you using cheerio in production? Add it to the wiki!
Sponsors
Does your company use Cheerio in production? Please consider sponsoring this project! Your help will allow maintainers to dedicate more time and resources to its development and support.
Headlining Sponsors
Other Sponsors
Backers
Become a backer to show your support for Cheerio and help us maintain and improve this open source project.
License
MIT
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-4v9v-hfq4-rm2v
- Warn: Project is vulnerable to: GHSA-9jgg-88mc-972h
Reason
dependency not pinned by hash detected -- score normalized to 5
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/benchmark.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/benchmark.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/ci.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/ci.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/codeql.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/codeql.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/dependabot-automerge.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/lint.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/lint.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:60: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:75: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/site.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sponsors.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/sponsors.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/sponsors.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/sponsors.yml/main?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/sponsors.yml:43: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/cheerio/sponsors.yml/main?enable=pin
- Info: 0 out of 16 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 3 third-party GitHubAction dependencies pinned
- Info: 7 out of 7 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/ci.yml:19
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/ci.yml:20
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql.yml:21
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql.yml:22
- Warn: jobLevel 'contents' permission set to 'write': .github/workflows/sponsors.yml:19
- Info: topLevel 'contents' permission set to 'read': .github/workflows/benchmark.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/ci.yml:14
- Warn: no topLevel permission defined: .github/workflows/codeql.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/lint.yml:13
- Info: topLevel 'contents' permission set to 'read': .github/workflows/site.yml:18
- Info: topLevel 'contents' permission set to 'read': .github/workflows/sponsors.yml:14
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More