Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@lezer/html
Advanced tools
@lezer/html is a parser for HTML, built on the Lezer parser system. It provides a way to parse HTML documents into a syntax tree, which can be used for various purposes such as syntax highlighting, code analysis, and transformation.
Parsing HTML
This feature allows you to parse an HTML string into a syntax tree. The code sample demonstrates how to use the parser to convert an HTML string into a tree structure.
const {parser} = require('@lezer/html');
const input = '<div>Hello, world!</div>';
const tree = parser.parse(input);
console.log(tree.toString());
Syntax Tree Traversal
This feature allows you to traverse the syntax tree generated by the parser. The code sample shows how to use a TreeCursor to iterate over the nodes in the syntax tree.
const {parser} = require('@lezer/html');
const {TreeCursor} = require('@lezer/common');
const input = '<div>Hello, world!</div>';
const tree = parser.parse(input);
let cursor = tree.cursor();
do {
console.log(cursor.node.type.name);
} while (cursor.next());
Custom Syntax Highlighting
This feature allows you to apply custom syntax highlighting to the parsed HTML. The code sample demonstrates how to use the highlightTree function along with custom styles to highlight different parts of the HTML.
const {parser} = require('@lezer/html');
const {highlightTree} = require('@lezer/highlight');
const {styleTags, tags} = require('@lezer/highlight');
const input = '<div>Hello, world!</div>';
const tree = parser.parse(input);
const highlightStyle = styleTags({
TagName: tags.tagName,
AttributeName: tags.attributeName,
AttributeValue: tags.attributeValue
});
let highlighted = '';
highlightTree(tree, highlightStyle, (from, to, classes) => {
highlighted += input.slice(from, to) + ' [' + classes + ']';
});
console.log(highlighted);
htmlparser2 is a fast and forgiving HTML/XML parser. It is designed to be used in a streaming manner and can handle large documents efficiently. Compared to @lezer/html, htmlparser2 is more focused on performance and streaming parsing, while @lezer/html provides a more structured syntax tree and integration with the Lezer parser system.
parse5 is a versatile and fully spec-compliant HTML parser. It can parse HTML into a DOM-like structure and is used in many popular projects. Compared to @lezer/html, parse5 offers a more comprehensive and spec-compliant parsing, but @lezer/html provides a more lightweight and modular approach with integration into the Lezer ecosystem.
cheerio is a fast, flexible, and lean implementation of core jQuery designed specifically for the server. It parses HTML and provides a jQuery-like API for manipulating the resulting structure. Compared to @lezer/html, cheerio is more focused on providing a familiar API for DOM manipulation, while @lezer/html is focused on parsing and syntax tree generation.
This is an HTML grammar for the lezer parser system.
The code is licensed under an MIT license.
This package exports two bindings:
parser
: Parser
The parser instance for the basic HTML grammar.
configureNesting
(tags: {
tag: string,
attrs?: (attrs: {[attr: string]: string}) => boolean,
parser: {startParse: (input: Input, startPos: number, context: ParseContext) => PartialParse},
}[]): {[name: string]: NestedParser}
Create a nested parser config object which overrides the way the
content of some tags is parsed. Each override is an object with a
tag
property holding the (lower case) tag name to override, and an
optional attrs
predicate that, if given, has to return true for the
tag's attributes for this override to apply.
The parser
property describes the way the tag's content is parsed.
1.0.1 (2022-07-27)
Continue parsing when an invalid entity reference appears in an attribute value.
FAQs
lezer-based HTML grammar
The npm package @lezer/html receives a total of 326,913 weekly downloads. As such, @lezer/html popularity was classified as popular.
We found that @lezer/html demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.