🚀. Socket Launch Week Day 3:Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions.Learn more
Sign In

@nodable/flexible-xml-parser

Package Overview
Dependencies
Maintainers
1
Versions
8
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@nodable/flexible-xml-parser

Fastest and fully customizable XML parser in pure JS with fully customizable ouput

Source
npmnpm
Version
1.2.2
Version published
Weekly downloads
892
36.6%
Maintainers
1
Weekly downloads
 
Created
Source

@nodable/flexible-xml-parser

A high-performance, flexible XML parser in pure javascript for Node.js and browsers with pluggable output builders, composable value parsers, and multiple input modes.

From the creater of fast-xml-parser

Benefits over fast-xml-parser?

Featurefast-xml-parserflexible-xml-parser
Output formatFixed JS objectPluggable (compact, sequential, node-tree, custom)
Value parsingInline optionsSeparate, composable pipeline per output builder
Value parsers for tags vs attrsSingle configIndependent chains
Input modesString / BufferString, Buffer, Uint8Array, Stream, Feed/End
Stop node enclosuresLimitedPer-node skipEnclosures control
ExitAfter complete processingAllow partial parsing
Lenient HTML modeNoautoClose with error collection
Custom outputNoExtend BaseOutputBuilder

The core parser is intentionally minimal. Options like transformTagName, alwaysArray, forceTextNode, and value parser configuration live in the output builder, not in XMLParser. This keeps the parser lean and lets you mix builders without changing your parsing code.

Performance

fast-xml-parser doesn't support streams, while flexible-xml-parser does. This makes flexible-xml-parser more memory efficient for large XML files.

Additionally, flexible-xml-parser is considerably faster than fast-xml-parser. Checkout benchmarks for more details.

Package Ecosystem

@nodable/flexible-xml-parser is the core parser. Output builders are published separately so you only install what you need:

PackageDescription
@nodable/flexible-xml-parserCore parser (this package)
@nodable/base-output-builderBase class + value parsers (ElementType, entity parsers)
@nodable/compact-builderDefault JS-object output (like fast-xml-parser)
@nodable/sequential-builderOrdered key-value array output
@nodable/sequential-stream-builderSequential builder with streaming output
@nodable/node-tree-builderUniform AST-style node tree

Installation

npm install @nodable/flexible-xml-parser @nodable/compact-builder

Install additional builders only as needed.

Quick Start

import XMLParser from '@nodable/flexible-xml-parser';
import { CompactBuilderFactory } from '@nodable/compact-builder';

// Default output (uses CompactBuilder internally)
const parser = new XMLParser();
const result = parser.parse('<root><count>3</count><active>true</active></root>');
// { root: { count: 3, active: true } }

// With attributes
const parser2 = new XMLParser({ skip: { attributes: false } });
parser2.parse('<item id="1">hello</item>');
// { item: { '@_id': 1, '#text': 'hello' } }

Options

All options are optional. Pass only what you need.

new XMLParser({
  // What to skip
  skip: {
    attributes:  true,   // Skip all attributes
    declaration: false,  // Skip <?xml ...?> declaration
    pi:          false,  // Skip <?...?> processing instructions
    cdata:       false,  // Exclude CDATA from output entirely
    comment:     false,  // Exclude comments from output entirely
    nsPrefix:    false,  // Strip namespace prefixes (ns:tag → tag)
    tags:        [],     // Tag paths to drop silently from output
  },

  // Property names for special nodes
  nameFor: {
    text:    '#text',  // mixed-content text property
    cdata:   '',       // '' = merge into text; '#cdata' = separate key
    comment: '',       // '' = omit; '#comment' = capture
  },

  // Attribute representation
  attributes: {
    prefix:      '@_',
    suffix:      '',
    groupBy:     '',     // group all attributes under this key; '' = inline
    booleanType: false,  // allow valueless attributes (treated as true)
  },

  // Tag options
  tags: {
    unpaired:  [],  // self-closing tags without / (e.g. ['br', 'img'])
    stopNodes: [],  // paths whose content is captured raw (see docs/04-stop-nodes.md)
  },

  // DoS prevention
  limits: {
    maxNestedTags:       null,
    maxAttributesPerTag: null,
  },

  // DOCTYPE entity expansion
  doctypeOptions: {
    enabled:        false,
    maxEntityCount: 100,
    maxEntitySize:  10000,
  },

  // Security
  strictReservedNames:   false,
  onDangerousProperty:   defaultOnDangerousProperty,

  // Stop parsing early based on a condition
  exitIf: null,

  // Buffer settings for feed/stream modes
  feedable: {
    maxBufferSize:  10 * 1024 * 1024,
    autoFlush:      true,
    flushThreshold: 1024,
  },

  // Lenient HTML-mode recovery
  autoClose: null,  // null = strict; 'html' = recover from unclosed/mismatched tags

  // Pluggable output builder
  OutputBuilder: null,  // default: CompactBuilder
});

Value Parsers

Value parsers are configured on the output builder, not on XMLParser. This lets you set independent pipelines for tag text and attribute values.

Built-in parsers: 'entity', 'number', 'boolean', 'trim', 'currency'.

import { CompactBuilderFactory } from '@nodable/compact-builder';

const builder = new CompactBuilderFactory({
  tags:       { valueParsers: ['entity', 'boolean', 'number'] },
  attributes: { valueParsers: ['entity', 'number', 'boolean'] },
});

const parser = new XMLParser({ OutputBuilder: builder });

See docs/03-value-parsers.md for the full pipeline reference and custom parser guide.

Input Modes

// String or Buffer
parser.parse('<root/>');
parser.parse(Buffer.from('<root/>'));

// Typed array
parser.parseBytesArr(new Uint8Array([...]));

// Node.js Readable stream
const result = await parser.parseStream(fs.createReadStream('large.xml'));

// Incremental feed (WebSocket, chunked HTTP, etc.)
parser.feed('<root>');
parser.feed('<item>1</item>');
const result = parser.end();

Possible Usage

  • Parse XML config files, SOAP responses, RSS/Atom feeds
  • Stream-parse large XML files with bounded memory
  • Build custom AST-style output with NodeTreeBuilder
  • Lenient HTML-fragment parsing with autoClose
  • Stop-node capture for <script>, <style>, embedded HTML
  • Extend BaseOutputBuilder to write parsed data directly to a database

Documentation

FileTopic
docs/01-getting-started.mdInstallation, quick start, common patterns
docs/02-options.mdFull options reference
docs/03-value-parsers.mdValue parser pipeline, built-ins, custom parsers
docs/04-stop-nodes.mdStop nodes and skip tags
docs/05-output-builders.mdBuilt-in and custom output builders
docs/06-streaming.mdStream, feed/end, and memory characteristics
docs/07-auto-close.mdLenient HTML parsing and error collection
docs/08-security.mdSecurity, DoS limits, prototype pollution
docs/09-path-expressions.mdPath expression syntax for stop nodes, skip, exitIf
docs/10-typescript.mdTypeScript usage and type definitions

License

MIT — Amit Gupta

Keywords

xml
parser
fast
flexible
xml-parser
xml2js

FAQs

Package last updated on 02 Jun 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

Product

Socket Firewall Now Blocks Malicious VS Code and Open VSX Extensions

Socket Firewall blocks malicious VS Code and Open VSX extensions before install, protecting developers from compromised editor marketplaces.

By John Tuckner  -  Jun 17, 2026