Gathering detailed insights and metrics for domhandler
Gathering detailed insights and metrics for domhandler
Handler for htmlparser2, to get a DOM
Installations
npm install domhandlerDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Min. Node Version
>= 4
Node Version
18.0.0
NPM Version
8.6.0
Score
99.6
Supply Chain
97.5
Quality
76
Maintenance
100
Vulnerability
100
License
Releases
15
Languages
1
TypeScript
TypeScript (100%)
Developer
Download Statistics
Total Downloads
8,088,501,542
Last Day
2,223,596
Last Week
44,866,856
Last Month
193,950,510
Last Year
2,081,099,020
GitHub Statistics
BSD-2-Clause License
355 Stars
1,490 Commits
63 Forks
5 Watchers
6 Branches
20 Contributors
Updated on Jul 01, 2025
Bundle Size
5.97 kB
Minified
1.87 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
5.0.3
Package Id
domhandler@5.0.3
Unpacked Size
73.57 kB
Size
12.29 kB
File Count
16
NPM Version
8.6.0
Node Version
18.0.0
Total Downloads
Cumulative downloads
Total Downloads
8,088,501,542
Last Day
-5.6%
2,223,596
Compared to previous day
Last Week
-7.8%
44,866,856
Compared to previous week
Last Month
2%
193,950,510
Compared to previous month
Last Year
19%
2,081,099,020
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
domhandler 
The DOM handler creates a tree containing all nodes of a page. The tree can be manipulated using the domutils or cheerio libraries and rendered using dom-serializer .
Usage
1const handler = new DomHandler([ <func> callback(err, dom), ] [ <obj> options ]); 2// const parser = new Parser(handler[, options]);
Available options are described below.
Example
1const { Parser } = require("htmlparser2"); 2const { DomHandler } = require("domhandler"); 3const rawHtml = 4 "Xyz <script language= javascript>var foo = '<<bar>>';</script><!--<!-- Waah! -- -->"; 5const handler = new DomHandler((error, dom) => { 6 if (error) { 7 // Handle error 8 } else { 9 // Parsing completed, do something 10 console.log(dom); 11 } 12}); 13const parser = new Parser(handler); 14parser.write(rawHtml); 15parser.end();
Output:
1[ 2 { 3 data: "Xyz ", 4 type: "text", 5 }, 6 { 7 type: "script", 8 name: "script", 9 attribs: { 10 language: "javascript", 11 }, 12 children: [ 13 { 14 data: "var foo = '<bar>';<", 15 type: "text", 16 }, 17 ], 18 }, 19 { 20 data: "<!-- Waah! -- ", 21 type: "comment", 22 }, 23];
Option: withStartIndices
Add a startIndex property to nodes.
When the parser is used in a non-streaming fashion, startIndex is an integer
indicating the position of the start of the node in the document.
The default value is false.
Option: withEndIndices
Add an endIndex property to nodes.
When the parser is used in a non-streaming fashion, endIndex is an integer
indicating the position of the end of the node in the document.
The default value is false.
License: BSD-2-Clause
Security contact information
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
domhandler for enterprise
Available as part of the Tidelift Subscription
The maintainers of domhandler and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
No vulnerabilities found.
Reason
all last 30 commits are reviewed through GitHub
Reason
30 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
no vulnerabilities detected
Reason
update tool detected
Details
- Info: Dependabot detected: .github/dependabot.yml:1
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/dependabot-automerge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'master'
- Info: 'allow deletion' disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Warn: number of required reviewers is only 0 on branch 'master'
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/dependabot-automerge.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/nodejs-test.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=permissions
Reason
security policy file not detected
Reason
project is not fuzzed
Score
6.8
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More