Gathering detailed insights and metrics for dom-serializer
Gathering detailed insights and metrics for dom-serializer
Installations
npm install dom-serializerDeveloper
cheeriojs
Developer Guide
BETA
Module System
CommonJS, ESM
Min. Node Version
Typescript Support
Yes
Node Version
17.8.0
NPM Version
8.5.5
Statistics
121 Stars
1,170 Commits
70 Forks
4 Watching
4 Branches
22 Contributors
Updated on 27 Nov 2024
Bundle Size
59.21 kB
Minified
27.54 kB
Minified + Gzipped
Languages
TypeScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
7,380,978,535
Last day
-7.2%
7,766,830
Compared to previous day
Last week
1.8%
44,844,940
Compared to previous week
Last month
8.2%
186,846,692
Compared to previous month
Last year
10.5%
1,953,329,975
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
dom-serializer 
Renders a domhandler DOM node or an array of domhandler DOM nodes to a string.
1import render from "dom-serializer"; 2 3// OR 4 5const render = require("dom-serializer").default;
API
render
▸ render(node: Node | Node[], options?: Options): string
Renders a DOM node or an array of DOM nodes to a string.
Can be thought of as the equivalent of the outerHTML of the passed node(s).
Parameters:
| Name | Type | Default value | Description |
|---|---|---|---|
node | Node | Node[] | - | Node to be rendered. |
options | DomSerializerOptions | {} | Changes serialization behavior |
Returns: string
Options
encodeEntities
• Optional decodeEntities: boolean | "utf8"
Encode characters that are either reserved in HTML or XML.
If xmlMode is true or the value not 'utf8', characters outside of the utf8 range will be encoded as well.
default decodeEntities
decodeEntities
• Optional decodeEntities: boolean
Option inherited from parsing; will be used as the default value for encodeEntities.
default true
emptyAttrs
• Optional emptyAttrs: boolean
Print an empty attribute's value.
default xmlMode
example With emptyAttrs: false: <input checked>
example With emptyAttrs: true: <input checked="">
selfClosingTags
• Optional selfClosingTags: boolean
Print self-closing tags for tags without contents. If xmlMode is set, this
will apply to all tags. Otherwise, only tags that are defined as self-closing
in the HTML specification will be printed as such.
default xmlMode
example With selfClosingTags: false: <foo></foo><br></br>
example With xmlMode: true and selfClosingTags: true: <foo/><br/>
example With xmlMode: false and selfClosingTags: true: <foo></foo><br />
xmlMode
• Optional xmlMode: boolean | "foreign"
Treat the input as an XML document; enables the emptyAttrs and selfClosingTags options.
If the value is "foreign", it will try to correct mixed-case attribute names.
default false
Ecosystem
| Name | Description |
|---|---|
| htmlparser2 | Fast & forgiving HTML/XML parser |
| domhandler | Handler for htmlparser2 that turns documents into a DOM |
| domutils | Utilities for working with domhandler's DOM |
| css-select | CSS selector engine, compatible with domhandler's DOM |
| cheerio | The jQuery API for domhandler's DOM |
| dom-serializer | Serializer for domhandler's DOM |
LICENSE: MIT
No vulnerabilities found.
Reason
30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
SAST tool is run on all commits
Details
- Info: SAST configuration detected: CodeQL
- Info: all commits (30) are checked with a SAST tool
Reason
2 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/codeql-analysis.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/dependabot-automerge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:48: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/nodejs-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:64: update your workflow using https://app.stepsecurity.io/secureworkflow/cheeriojs/dom-serializer/nodejs-test.yml/master?enable=pin
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 third-party GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:17
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:18
- Warn: jobLevel 'checks' permission set to 'write': .github/workflows/nodejs-test.yml:31
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/nodejs-test.yml:32
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:7
- Info: topLevel 'contents' permission set to 'read': .github/workflows/nodejs-test.yml:15
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Score
7
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More