npmpackage.info

isomorphic-dompurify

Use DOMPurify on server and client in the same way

2.19.0

428

MIT

JavaScript

5.84 kB

56,928,839 4.4

Installations

npm install isomorphic-dompurify

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS, UMD

Min. Node Version

>=18

Node Version

22.11.0

NPM Version

10.9.1 Score

29.6

Supply Chain

71.1

Quality

90.3

Maintenance

100

Vulnerability

98.9

License

Pull Requests

Open

1

Total

270

Closed

23

Merged

246

Issues

Open

7

Total

33

Closed

26

Releases

Updated dependencies

v2.19.0

Published on 10 Dec 2024

Updated dependencies

v2.18.0

Published on 30 Nov 2024

Removed @types/dompurify dependency. Updated dompurify and other dependencies.

v2.17.0

Published on 24 Nov 2024

Updated dependencies

v2.16.0

Published on 27 Sept 2024

Updated dependencies. Switched to Vitest

v2.15.0

Published on 27 Aug 2024

Updated dependencies

v2.14.0

Published on 25 Jul 2024

View all 61 releases

Contributors

View all 5 contributors

Languages

JavaScript

JavaScript (100%)

Developer

kkomelin

Download Statistics

Total Downloads

56,928,839

Last Day

78,104

Last Week

618,775

Last Month

2,696,425

Last Year

27,187,907

GitHub Statistics

428 Stars

595 Commits

13 Forks

6 Watching

1 Branches

5 Contributors

Maintainers

Package Meta Information

Latest Version

2.19.0

Package Id

isomorphic-dompurify@2.19.0

Unpacked Size

5.84 kB

Size

2.79 kB

File Count

NPM Version

10.9.1

Node Version

22.11.0

Publised On

10 Dec 2024

Total Downloads

Cumulative downloads

Total Downloads

56,928,839

Last day

-34.9%

78,104

Compared to previous day

Last week

-7.4%

618,775

Compared to previous week

Last month

-3.9%

2,696,425

Compared to previous month

Last year

49.5%

27,187,907

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

dompurify jsdom

Dev Dependencies

terser vitest

Versions

Isomorphic DOMPurify

The library makes it possible to seamlessly use DOMPurify on server and client in the same way. It does nothing by itself except providing an isomorphic/universal wrapper around DOMPurify, so all credits go to DOMPurify authors and contributors.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks.

Motivation

DOMPurify needs a DOM tree to base on, which is not available in Node by default. To work on the server side, we need a fake DOM to be created and supplied to DOMPurify. It means that DOMPurify initialization logic on the server is not the same as on the client.

This project was born with the idea of encapsulating DOMPurify initialization details and providing an easy way to import the library on both, server and client, for example in Next.js apps.

It was inspired by Isomorphic Unfetch.

Requirements

isomorphic-dompurify	Node.js	Environment
`<=0.19.0`	`>=12`	Server
`>=0.20.0`	`>=14`	Server
`>=1.4.0`	`>=16`	Server
`>=1.10.0`	`>=18`	Server

Installation

1$ npm i isomorphic-dompurify

Updates

Please note that DOMPurify library doesn't follow Semantic Versioning, so we have to release every change as a minor version because we cannot be 100% sure whether new features are added to patch DOMPurify releases or not.

Usage

Import:

1import DOMPurify from "isomorphic-dompurify";

Importing the entire module for the client/browser version is recommended.

Sanitize:

1const clean = DOMPurify.sanitize(dirtyString);

or with config:

1const clean = DOMPurify.sanitize(dirtyString, { USE_PROFILES: { html: true } });

Known Issues

Next.js and Remix are mistakenly trying to use the browser entry point on server, which causes the Window is not defined issue. #228 #214 https://github.com/vercel/next.js/discussions/58142
Can't resolve 'canvas' on Next.js serverless app

License

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Maintained

Determines if the project is "actively maintained".

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

License

Determines if the project has defined a license.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Security-Policy

Determines if the project has published a security policy.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

4.4

/10

Last Scanned on 2024-12-16

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More

Other packages similar to isomorphic-dompurify

universal-dompurify

1.0.21

💎 Use DOMPurify for some context by conditional exports

@jill64/universal-sanitizer

1.3.5

💎 Isomorphic html sanitizer by DOMPurify + sanitize-html

html-converter-react

2.0.0

**html-converter-react** is an isomorphic utility function that provides easy way to convert your string into a safely sanitized html. It's built on top of dompurify and it's made to work with react.