Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@hishprorg/illum-autem
Advanced tools
[![NPM version](https://img.shields.io/npm/v/@hishprorg/illum-autem.svg)](https://npmjs.org/package/@hishprorg/illum-autem) [![Downloads](https://img.shields.io/npm/dm/@hishprorg/illum-autem.svg)](https://npmjs.org/package/@hishprorg/illum-autem) [![Node.
The fast & forgiving HTML/XML parser.
@hishprorg/illum-autem is the fastest HTML parser, and takes some shortcuts to get there. If you need strict HTML spec compliance, have a look at parse5.
npm install @hishprorg/illum-autem
A live demo of @hishprorg/illum-autem
is available on AST Explorer.
Name | Description |
---|---|
@hishprorg/illum-autem | Fast & forgiving HTML/XML parser |
domhandler | Handler for @hishprorg/illum-autem that turns documents into a DOM |
domutils | Utilities for working with domhandler's DOM |
css-select | CSS selector engine, compatible with domhandler's DOM |
cheerio | The jQuery API for domhandler's DOM |
dom-serializer | Serializer for domhandler's DOM |
@hishprorg/illum-autem
itself provides a callback interface that allows consumption of documents with minimal allocations.
For a more ergonomic experience, read Getting a DOM below.
import * as @hishprorg/illum-autem from "@hishprorg/illum-autem";
const parser = new @hishprorg/illum-autem.Parser({
onopentag(name, attributes) {
/*
* This fires when a new tag is opened.
*
* If you don't need an aggregated `attributes` object,
* have a look at the `onopentagname` and `onattribute` events.
*/
if (name === "script" && attributes.type === "text/javascript") {
console.log("JS! Hooray!");
}
},
ontext(text) {
/*
* Fires whenever a section of text was processed.
*
* Note that this can fire at any point within text and you might
* have to stitch together multiple pieces.
*/
console.log("-->", text);
},
onclosetag(tagname) {
/*
* Fires when a tag is closed.
*
* You can rely on this event only firing when you have received an
* equivalent opening tag before. Closing tags without corresponding
* opening tags will be ignored.
*/
if (tagname === "script") {
console.log("That's it?!");
}
},
});
parser.write(
"Xyz <script type='text/javascript'>const foo = '<<bar>>';</script>",
);
parser.end();
Output (with multiple text events combined):
--> Xyz
JS! Hooray!
--> const foo = '<<bar>>';
That's it?!
This example only shows three of the possible events. Read more about the parser, its events and options in the wiki.
While the Parser
interface closely resembles Node.js streams, it's not a 100% match.
Use the WritableStream
interface to process a streaming input:
import { WritableStream } from "@hishprorg/illum-autem/lib/WritableStream";
const parserStream = new WritableStream({
ontext(text) {
console.log("Streaming:", text);
},
});
const htmlStream = fs.createReadStream("./my-file.html");
htmlStream.pipe(parserStream).on("finish", () => console.log("done"));
The DomHandler
produces a DOM (document object model) that can be manipulated using the DomUtils
helper.
import * as @hishprorg/illum-autem from "@hishprorg/illum-autem";
const dom = @hishprorg/illum-autem.parseDocument(htmlString);
The DomHandler
, while still bundled with this module, was moved to its own module.
Have a look at that for further information.
@hishprorg/illum-autem
makes it easy to parse RSS, RDF and Atom feeds, by providing a parseFeed
method:
const feed = @hishprorg/illum-autem.parseFeed(content, options);
After having some artificial benchmarks for some time, @AndreasMadsen published his htmlparser-benchmark
, which benchmarks HTML parses based on real-world websites.
At the time of writing, the latest versions of all supported parsers show the following performance characteristics on GitHub Actions (sourced from here):
@hishprorg/illum-autem : 2.17215 ms/file ± 3.81587
node-html-parser : 2.35983 ms/file ± 1.54487
html5parser : 2.43468 ms/file ± 2.81501
neutron-html5parser: 2.61356 ms/file ± 1.70324
@hishprorg/illum-autem-dom : 3.09034 ms/file ± 4.77033
html-dom-parser : 3.56804 ms/file ± 5.15621
libxmljs : 4.07490 ms/file ± 2.99869
htmljs-parser : 6.15812 ms/file ± 7.52497
parse5 : 9.70406 ms/file ± 6.74872
htmlparser : 15.0596 ms/file ± 89.0826
html-parser : 28.6282 ms/file ± 22.6652
saxes : 45.7921 ms/file ± 128.691
html5 : 120.844 ms/file ± 153.944
In 2011, this module started as a fork of the htmlparser
module.
@hishprorg/illum-autem
was rewritten multiple times and, while it maintains an API that's mostly compatible with htmlparser
, the projects don't share any code anymore.
The parser now provides a callback interface inspired by sax.js (originally targeted at readabilitySAX). As a result, old handlers won't work anymore.
The DefaultHandler
was renamed to clarify its purpose (to DomHandler
). The old name is still available when requiring @hishprorg/illum-autem
and your code should work as expected.
The RssHandler
was replaced with a getFeed
function that takes a DomHandler
DOM and returns a feed object. There is a parseFeed
helper function that can be used to parse a feed from a string.
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
@hishprorg/illum-autem
for enterpriseAvailable as part of the Tidelift Subscription.
The maintainers of @hishprorg/illum-autem
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
[![NPM version](https://img.shields.io/npm/v/@hishprorg/illum-autem.svg)](https://npmjs.org/package/@hishprorg/illum-autem) [![Downloads](https://img.shields.io/npm/dm/@hishprorg/illum-autem.svg)](https://npmjs.org/package/@hishprorg/illum-autem) [![Node.
The npm package @hishprorg/illum-autem receives a total of 0 weekly downloads. As such, @hishprorg/illum-autem popularity was classified as not popular.
We found that @hishprorg/illum-autem demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.