Gathering detailed insights and metrics for domutils
Gathering detailed insights and metrics for domutils
Utilities for working with htmlparser2's DOM
Installations
npm install domutilsDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS, ESM
Node Version
23.5.0
NPM Version
11.0.0
Score
99.1
Supply Chain
79.5
Quality
78.5
Maintenance
100
Vulnerability
100
License
Releases
21
Languages
1
TypeScript
TypeScript (100%)
Developer
Download Statistics
Total Downloads
9,631,878,722
Last Day
2,410,198
Last Week
47,481,932
Last Month
204,871,590
Last Year
2,205,796,746
GitHub Statistics
BSD-2-Clause License
213 Stars
1,816 Commits
59 Forks
3 Watchers
7 Branches
19 Contributors
Updated on Jul 01, 2025
Bundle Size
67.85 kB
Minified
30.41 kB
Minified + Gzipped
Sponsor this package
Maintainers
1
Package Meta Information
Latest Version
3.2.2
Package Id
domutils@3.2.2
Unpacked Size
162.83 kB
Size
23.33 kB
File Count
68
NPM Version
11.0.0
Node Version
23.5.0
Published on
Jan 06, 2025
Total Downloads
Cumulative downloads
Total Downloads
9,631,878,722
domutils 
Utilities for working with htmlparser2's DOM.
All functions are exported as a single module. Look through the docs to see what is available.
Ecosystem
| Name | Description |
|---|---|
| htmlparser2 | Fast & forgiving HTML/XML parser |
| domhandler | Handler for htmlparser2 that turns documents into a DOM |
| domutils | Utilities for working with domhandler's DOM |
| css-select | CSS selector engine, compatible with domhandler's DOM |
| cheerio | The jQuery API for domhandler's DOM |
| dom-serializer | Serializer for domhandler's DOM |
License: BSD-2-Clause
Security contact information
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
domutils for enterprise
Available as part of the Tidelift Subscription
The maintainers of domutils and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
No vulnerabilities found.
Reason
30 commit(s) out of 30 and 1 issue activity out of 30 found in the last 90 days -- score normalized to 10
Reason
all last 30 commits are reviewed through GitHub
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: : LICENSE:1
Reason
update tool detected
Details
- Info: Dependabot detected: .github/dependabot.yml:1
Reason
no vulnerabilities detected
Reason
dependency not pinned by hash detected -- score normalized to 7
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/dependabot-automerge.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/dependabot-automerge.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs-test.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/site.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/site.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/site.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/site.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/site.yml/master?enable=pin
- Info: Dockerfile dependencies are pinned
- Info: no insecure (not pinned by hash) dependency downloads found in Dockerfiles
- Info: no insecure (not pinned by hash) dependency downloads found in shell scripts
Reason
branch protection is not maximal on development and all release branches
Details
- Info: 'force pushes' disabled on branch 'master'
- Info: 'allow deletion' disabled on branch 'master'
- Info: status check found to merge onto on branch 'master'
- Warn: number of required reviewers is only 0 on branch 'master'
Reason
no badge detected
Reason
non read-only tokens detected in GitHub workflows
Details
- Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/codeql-analysis.yml/master?enable=permissions
- Warn: topLevel 'contents' permission set to 'write': .github/workflows/dependabot-automerge.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/dependabot-automerge.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/nodejs-test.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/nodejs-test.yml/master?enable=permissions
- Warn: no topLevel permission defined: .github/workflows/site.yml:1: update your workflow using https://app.stepsecurity.io/secureworkflow/cesarferreira/awsnap/site.yml/master?enable=permissions
Reason
project is not fuzzed
Reason
security policy file not detected
Score
6.8
/10
Last Scanned on 2022-08-15
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More