@cyberhub/trust-xml2js
Security Trust Report: xml2js@0.6.2 — 61/100 (C+, standard). 1 vulnerability found. Maintainer risk, supply chain analysis from 8 security databases.

Version: 1.0.3 (latest)
Source: npm
Maintainers: 1

Security Trust Report: xml2js

xml2js@0.6.2: 61/100 | Grade: C+ | Tier: STANDARD (confidence: ±3)

Data verified on 2026-04-02 from 8 security databases.

TL;DR

  • 1 vulnerability found (1 critical, 0 high)
  • Consider switching to fast-xml-parser (faster, no prototype pollution)
  • Pin your version and monitor for changes

Score Breakdown

Maintainer Trust:  █████████████░░░░░░░ 67/100
Package Health:    █████████████████░░░ 87/100
Supply Chain:      ███████░░░░░░░░░░░░░ 34/100
Community:         █████████░░░░░░░░░░░ 47/100

Why this score?

  • Supply Chain is 34 because: 1 known CVE, and the package appears in the breach database
  • Community is 47 because: no GitHub repo found

Vulnerabilities (1 vulnerability)

Severity      Count
🔴 Critical   1
  • CVE-2023-0842

Key Risk Flags

  • 🔴 CRITICAL: RECENT-ISH BREACH: Prototype pollution CVE-2023-0842 (2023)
  • 🔴 CRITICAL: 1 CRITICAL vulnerability from live CVE databases
  • 🟠 HIGH: Maintainer removed in v0.2.2: maqr
  • 🟠 HIGH: Burst publishing detected — 5+ versions in a single day

πŸ› οΈ What Should You Do?

Immediate:

  • Upgrade to the latest version (npm update xml2js)
  • Or replace with fast-xml-parser

Always: Pin version, run pkgtrust scan in CI, monitor at nrupak.com/trust/xml2js

🔄 Safer Alternatives

Package           Why                              Trust Report
fast-xml-parser   Faster, no prototype pollution   View score
htmlparser2       Streaming XML/HTML parser        View score

Methodology: 18+ signals across 4 categories (Maintainer 35%, Package 25%, Supply Chain 25%, Community 15%). Full scoring docs →

Check your project: npm i -g @cyberhub/pkgtrust && pkgtrust scan xml2js (CLI docs)

Data Sources: GitHub Advisories · OSV.dev · npm audit · Snyk · Socket.dev · npms.io · Bundlephobia · deps.dev

Report by pkgtrust · Dashboard · Compare · CLI

This is an automated security report. Not affiliated with the xml2js team. Updated 2026-04-02.

Keywords: xml2js

Package last updated on 02 Apr 2026
