npmpackage.info

Gathering detailed insights and metrics for xmldom-qsa

Other packages similar to xmldom-qsa

@sky-uk/xmldom-qsa

1.1.4

Based on @xmldom/xmldom with some minor enhancements. Add querySelector, querySelectorAll and match method to Document and Element.

Gathering detailed insights and metrics for xmldom-qsa

xmldom-qsa - 1.1.3 | npmpackage.info

xmldom-qsa

A pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module.

1.1.3

MIT

JavaScript

16.87 kB

3,075,722 3.5

Installations

npm install xmldom-qsa

Developer Guide

BETA

Typescript

Yes

Module System

CommonJS

Min. Node Version

>=8.0.0

Node Version

16.10.0

NPM Version

7.24.0 Score

97.1

Supply Chain

100

Quality

75.9

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

0

Total

2

Closed

0

Merged

2

Issues

Open

3

Total

4

Closed

1

Releases

Unable to fetch releases

Languages

JavaScript

Handlebars

Shell

JavaScript (99.5%)

Handlebars (0.31%)

Shell (0.18%)

Developer

zeligzhou

Download Statistics

Total Downloads

3,075,722

Last Day

1,064

Last Week

21,354

Last Month

167,278

Last Year

1,321,567

GitHub Statistics

MIT License

7 Stars

510 Commits

1 Forks

9 Branches

1 Contributors

Updated on Jun 05, 2025

Bundle Size

47.26 kB

Minified

16.87 kB

Minified + Gzipped

Bundlephobia

Maintainers

View All 1 Contributors

Package Meta Information

Latest Version

1.1.3

Package Id

xmldom-qsa@1.1.3

Unpacked Size

179.40 kB

Size

47.59 kB

File Count

NPM Version

7.24.0

Node Version

16.10.0

Published on

Apr 30, 2023

Total Downloads

Cumulative downloads

Total Downloads

3,075,722

Last Day

8.7%

1,064

Compared to previous day

Last Week

-44.2%

21,354

Compared to previous week

Last Month

-7.1%

167,278

Compared to previous month

Last Year

91.6%

1,321,567

Compared to previous year

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dev Dependencies

@stryker-mutator/core auto-changelog eslint eslint-config-prettier eslint-plugin-es5 eslint-plugin-prettier get-stream jest nodemon np prettier xmltest yauzl

xmldom-qsa

This is based on xmldom with some minor enhancements.

xmldom-qsa add querySelector, querySelectorAll and match method to Document and Element. And you can write some more methods to these elements by add prototype methods to Node.

xmldom is a javascript ponyfill to provide the following APIs that are present in modern browsers to other runtimes:

convert an XML string into a DOM tree

new DOMParser().parseFromString(xml, mimeType) => Document

create, access and modify a DOM tree

new DOMImplementation().createDocument(...) => Document

serialize a DOM tree back into an XML string

new XMLSerializer().serializeToString(node) => string

The target runtimes xmldom supports are currently Node >= v10 (ES5) and Rhino (not tested as part of CI).

When deciding how to fix bugs or implement features, xmldom tries to stay as close as possible to the various related specifications/standards. As indicated by the version starting with 0., this implementation is not feature complete and some implemented features differ from what the specifications describe. Issues and PRs for such differences are always welcome, even when they only provide a failing test case.

This project was forked from it's original source in 2019, more details about that transition can be found in the CHANGELOG.

Usage

Install:

npm install xmldom-qsa

Enhancements:

1
2doc.documentElement.querySelector('.clazz');
3
4var Node = require('xmldom-qsa/dom').Node;
5Node.prototype.addAttr = function(x,y) { ... }
6doc.documentElement.addAttr('x','y');
7

Example:

In NodeJS

1const { DOMParser } = require('xmldom-qsa')
2
3const doc = new DOMParser().parseFromString(
4    '<xml xmlns="a" xmlns:c="./lite">\n' +
5        '\t<child>test</child>\n' +
6        '\t<child></child>\n' +
7        '\t<child/>\n' +
8        '</xml>',
9    'text/xml'
10)
11doc.documentElement.setAttribute('x', 'y')
12doc.documentElement.setAttributeNS('./lite', 'c:x', 'y2')
13console.info(doc)
14
15const nsAttr = doc.documentElement.getAttributeNS('./lite', 'x')
16console.info(nsAttr)

Note: in Typescript ~~and ES6~~(see #316) you can use the import approach, as follows:

1import { DOMParser } from 'xmldom-qsa'

API Reference

DOMParser:

1parseFromString(xmlsource,mimeType)

options extension by xmldom (not DOM standard!!)

1//added the options argument
2new DOMParser(options)
3
4//errorHandler is supported
5new DOMParser({
6	/**
7	 * locator is always need for error position info
8	 */
9	locator:{},
10	/**
11	 * you can override the errorHandler for xml parser
12	 * @link http://www.saxproject.org/apidoc/org/xml/sax/ErrorHandler.html
13	 */
14	errorHandler:{warning:function(w){console.warn(w)},error:callback,fatalError:callback}
15	//only callback model
16	//errorHandler:function(level,msg){console.log(level,msg)}
17})
18

XMLSerializer
```
1serializeToString(node)
```

DOM level2 method and attribute:

Node

readonly class properties (aka NodeType), these can be accessed from any Node instance node: if (node.nodeType === node.ELEMENT_NODE) {...
1. ELEMENT_NODE (1)
2. ATTRIBUTE_NODE (2)
3. TEXT_NODE (3)
4. CDATA_SECTION_NODE (4)
5. ENTITY_REFERENCE_NODE (5)
6. ENTITY_NODE (6)
7. PROCESSING_INSTRUCTION_NODE (7)
8. COMMENT_NODE (8)
9. DOCUMENT_NODE (9)
10. DOCUMENT_TYPE_NODE (10)
11. DOCUMENT_FRAGMENT_NODE (11)
12. NOTATION_NODE (12)
attribute:
- nodeValue | prefix
readonly attribute:
- nodeName | nodeType | parentNode | childNodes | firstChild | lastChild | previousSibling | nextSibling | attributes | ownerDocument | namespaceURI | localName
method:
- insertBefore(newChild, refChild)
- replaceChild(newChild, oldChild)
- removeChild(oldChild)
- appendChild(newChild)
- hasChildNodes()
- cloneNode(deep)
- normalize()
- isSupported(feature, version)
- hasAttributes()
DOMException

extends the Error type thrown as part of DOM API.

readonly class properties:
- INDEX_SIZE_ERR (1)
- DOMSTRING_SIZE_ERR (2)
- HIERARCHY_REQUEST_ERR (3)
- WRONG_DOCUMENT_ERR (4)
- INVALID_CHARACTER_ERR (5)
- NO_DATA_ALLOWED_ERR (6)
- NO_MODIFICATION_ALLOWED_ERR (7)
- NOT_FOUND_ERR (8)
- NOT_SUPPORTED_ERR (9)
- INUSE_ATTRIBUTE_ERR (10)
- INVALID_STATE_ERR (11)
- SYNTAX_ERR (12)
- INVALID_MODIFICATION_ERR (13)
- NAMESPACE_ERR (14)
- INVALID_ACCESS_ERR (15)
attributes:
- code with a value matching one of the above constants.
DOMImplementation

method:
- hasFeature(feature, version)
- createDocumentType(qualifiedName, publicId, systemId)
- createDocument(namespaceURI, qualifiedName, doctype)
Document : Node

readonly attribute:
- doctype | implementation | documentElement
method:
- createElement(tagName)
- createDocumentFragment()
- createTextNode(data)
- createComment(data)
- createCDATASection(data)
- createProcessingInstruction(target, data)
- createAttribute(name)
- createEntityReference(name)
- getElementsByTagName(tagname)
- importNode(importedNode, deep)
- createElementNS(namespaceURI, qualifiedName)
- createAttributeNS(namespaceURI, qualifiedName)
- getElementsByTagNameNS(namespaceURI, localName)
- getElementById(elementId)
DocumentFragment : Node
Element : Node

readonly attribute:
- tagName
method:
- getAttribute(name)
- setAttribute(name, value)
- removeAttribute(name)
- getAttributeNode(name)
- setAttributeNode(newAttr)
- removeAttributeNode(oldAttr)
- getElementsByTagName(name)
- getAttributeNS(namespaceURI, localName)
- setAttributeNS(namespaceURI, qualifiedName, value)
- removeAttributeNS(namespaceURI, localName)
- getAttributeNodeNS(namespaceURI, localName)
- setAttributeNodeNS(newAttr)
- getElementsByTagNameNS(namespaceURI, localName)
- hasAttribute(name)
- hasAttributeNS(namespaceURI, localName)
Attr : Node

attribute:
- value
readonly attribute:
- name | specified | ownerElement
NodeList

readonly attribute:
- length
method:
- item(index)
NamedNodeMap

readonly attribute:
- length
method:
- getNamedItem(name)
- setNamedItem(arg)
- removeNamedItem(name)
- item(index)
- getNamedItemNS(namespaceURI, localName)
- setNamedItemNS(arg)
- removeNamedItemNS(namespaceURI, localName)
CharacterData : Node

method:
- substringData(offset, count)
- appendData(arg)
- insertData(offset, arg)
- deleteData(offset, count)
- replaceData(offset, count, arg)
Text : CharacterData

method:
- splitText(offset)
CDATASection
Comment : CharacterData
DocumentType

readonly attribute:
- name | entities | notations | publicId | systemId | internalSubset
Notation : Node

readonly attribute:
- publicId | systemId
Entity : Node

readonly attribute:
- publicId | systemId | notationName
EntityReference : Node
ProcessingInstruction : Node

attribute:
- data readonly attribute:
- target

DOM level 3 support:

Node

attribute:
- textContent
method:
- isDefaultNamespace(namespaceURI)
- lookupNamespaceURI(prefix)

DOM extension by xmldom

[Node] Source position extension;

attribute:
- lineNumber //number starting from 1
- columnNumber //number starting from 1

Specs

The implementation is based on several specifications:

DOM Parsing and Serialization

From the W3C DOM Parsing and Serialization (WD 2016) xmldom provides an implementation for the interfaces:

DOMParser
XMLSerializer

Note that there are some known deviations between this implementation and the W3 specifications.

Note: The latest version of this spec has the status "Editors Draft", since it is under active development. One major change is that the definition of the DOMParser interface has been moved to the HTML spec

DOM

The original author claims that xmldom implements [DOM Level 2] in a "fully compatible" way and some parts of [DOM Level 3], but there are not enough tests to prove this. Both Specifications are now superseded by the [DOM Level 4 aka Living standard] wich has a much broader scope than xmldom.

xmldom implements the following interfaces (most constructors are currently not exposed):

Attr
CDATASection
CharacterData
Comment
Document
DocumentFragment
DocumentType
DOMException (constructor exposed)
DOMImplementation (constructor exposed)
Element
Entity
EntityReference
LiveNodeList
NamedNodeMap
Node (constructor exposed)
NodeList
Notation
ProcessingInstruction
Text

more details are available in the (incomplete) API Reference section.

HTML

xmldom does not have any goal of supporting the full spec, but it has some capability to parse, report and serialize things differently when "detecting HTML" (by checking the default namespace). There is an upcoming change to better align the implementation with the latest specs, related to https://github.com/xmldom/xmldom/issues/203.

SAX, XML, XMLNS

xmldom has an own SAX parser implementation to do the actual parsing, which implements some interfaces in alignment with the Java interfaces SAX defines:

XMLReader
DOMHandler

There is an idea/proposal to make it possible to replace it with something else in https://github.com/xmldom/xmldom/issues/55

No vulnerabilities found.

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

License

Determines if the project has defined a license.

1

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

Reason

dependency not pinned by hash detected -- score normalized to 1

Details

Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/examples.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/examples.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:49: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/examples.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/examples.yml:51: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/examples.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stryker.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/stryker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/stryker.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/stryker.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-node.js.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/test-node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-node.js.yml:28: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/test-node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-node.js.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/test-node.js.yml/master?enable=pin
Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test-node.js.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/zeligzhou/xmldom-qsa/test-node.js.yml/master?enable=pin
Warn: npmCommand not pinned by hash: examples/typescript-node-es6/pretest.sh:6
Warn: npmCommand not pinned by hash: examples/typescript-node-es6/pretest.sh:7
Warn: npmCommand not pinned by hash: .github/workflows/examples.yml:30
Info: 0 out of 10 GitHub-owned GitHubAction dependencies pinned
Info: 3 out of 6 npmCommand dependencies pinned

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Maintained

Determines if the project is "actively maintained".

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

SAST

Determines if the project uses static code analysis.

0

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

Score

3.5

/10

Last Scanned on 2025-06-23

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More