Gathering detailed insights and metrics for posthtml-parser
Gathering detailed insights and metrics for posthtml-parser
Installations
npm install posthtml-parserDeveloper Guide
BETA
Typescript
Yes
Module System
CommonJS
Min. Node Version
>=16
Node Version
20.13.1
NPM Version
10.5.2
Releases
34
Languages
2
TypeScript
Shell
TypeScript (98.49%)
Shell (1.51%)
Developer
posthtml
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
112 Stars
271 Commits
22 Forks
8 Watchers
5 Branches
20 Contributors
Updated on Jun 16, 2025
Maintainers
3
Package Meta Information
Latest Version
0.12.1
Package Id
posthtml-parser@0.12.1
Unpacked Size
12.01 kB
Size
4.93 kB
File Count
7
NPM Version
10.5.2
Node Version
20.13.1
Published on
Sep 19, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Installation
1npm install posthtml-parser
Usage
Input HTML:
1<a class="animals" href="#"> 2 <span class="animals__cat" style="background: url(cat.png)">Cat</span> 3</a>
Parse with posthtml-parser:
1import fs from 'fs' 2import { parser } from 'posthtml-parser' 3 4const html = fs.readFileSync('path/to/input.html', 'utf-8') 5 6console.log(parser(html))
Resulting PostHTML AST:
1[ 2 { 3 tag: 'a', 4 attrs: { 5 class: 'animals', 6 href: '#' 7 }, 8 content: [ 9 '\n ', 10 { 11 tag: 'span', 12 attrs: { 13 class: 'animals__cat', 14 style: 'background: url(cat.png)' 15 }, 16 content: ['Cat'] 17 }, 18 '\n' 19 ] 20 } 21]
PostHTML AST Format
Any parser used with PostHTML should return a standard PostHTML Abstract Syntax Tree (AST).
Fortunately, this is a very easy format to produce and understand. The AST is an array that can contain strings and objects. Strings represent plain text content, while objects represent HTML tags.
Tag objects generally look like this:
1{ 2 tag: 'div', 3 attrs: { 4 class: 'foo' 5 }, 6 content: ['hello world!'] 7}
Tag objects can contain three keys:
- The
tagkey takes the name of the tag as the value. This can include custom tags. - The optional
attrskey takes an object with key/value pairs representing the attributes of the html tag. A boolean attribute has an empty string as its value. - The optional
contentkey takes an array as its value, which is a PostHTML AST. In this manner, the AST is a tree that should be walked recursively.
Options
directives
Type: Array
Default: [{name: '!doctype', start: '<', end: '>'}]
Adds processing of custom directives.
The property name in custom directives can be of String or RegExp type.
xmlMode
Type: Boolean
Default: false
Indicates whether special tags (<script> and <style>) should get special treatment and if "empty" tags (eg. <br>) can have children. If false, the content of special tags will be text only.
For feeds and other XML content (documents that don't consist of HTML), set this to true.
decodeEntities
Type: Boolean
Default: false
If set to true, entities within the document will be decoded.
lowerCaseTags
Type: Boolean
Default: false
If set to true, all tags will be lowercased. If xmlMode is disabled.
lowerCaseAttributeNames
Type: Boolean
Default: false
If set to true, all attribute names will be lowercased.
This has noticeable impact on speed.
recognizeCDATA
Type: Boolean
Default: false
If set to true, CDATA sections will be recognized as text even if the xmlMode option is not enabled.
If xmlMode is set to true, then CDATA sections will always be recognized as text.
recognizeSelfClosing
Type: Boolean
Default: false
If set to true, self-closing tags will trigger the onclosetag event even if xmlMode is not set to true.
If xmlMode is set to true, then self-closing tags will always be recognized.
sourceLocations
Type: Boolean
Default: false
If set to true, AST nodes will have a location property containing the start and end line and column position of the node.
recognizeNoValueAttribute
Type: Boolean
Default: false
If set to true, AST nodes will recognize attribute with no value and mark as true which will be correctly rendered by posthtml-render package.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: license:0
- Info: FSF or OSI recognized license: MIT License: license:0
Reason
dependency not pinned by hash detected -- score normalized to 4
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-parser/nodejs.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/nodejs.yml:27: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-parser/nodejs.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/nodejs.yml:38: update your workflow using https://app.stepsecurity.io/secureworkflow/posthtml/posthtml-parser/nodejs.yml/master?enable=pin
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 1 out of 1 npmCommand dependencies pinned
Reason
Found 2/6 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/nodejs.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 27 are checked with a SAST tool
Reason
13 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-mwcw-c2x4-8c55
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
- Warn: Project is vulnerable to: GHSA-3mv9-4h5g-vhg3
- Warn: Project is vulnerable to: GHSA-vg6x-rcgg-rjx6
- Warn: Project is vulnerable to: GHSA-x574-m823-4x7w
- Warn: Project is vulnerable to: GHSA-4r4m-qw57-chr8
- Warn: Project is vulnerable to: GHSA-xcj6-pq6g-qj4x
- Warn: Project is vulnerable to: GHSA-356w-63v5-8wf4
- Warn: Project is vulnerable to: GHSA-859w-5945-r5v3
Score
3.3
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More