
Security News
PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.
@office-open/xml
Advanced tools
XML parsing and serialization for Office Open XML. Zero dependencies, drop-in replacement for xml + xml-js.
XML parsing and serialization for Office Open XML. Zero dependencies, drop-in replacement for xml + xml-js.
xml packagexml-js XML parsingxml-js JS-to-XML conversionxml and xml-js, import without changes# pnpm
pnpm add @office-open/xml
# npm
npm install @office-open/xml
# yarn
yarn add @office-open/xml
# bun
bun add @office-open/xml
Replace your existing imports:
// Before
import xml from "xml";
import { xml2js, js2xml } from "xml-js";
import type { Element } from "xml-js";
// After
import { xml, xml2js, js2xml } from "@office-open/xml";
import type { Element } from "@office-open/xml";
No other code changes needed. All options and output formats are compatible.
import { xml, xml2js, js2xml, toElement } from "@office-open/xml";
// Serialize JS objects to XML
const xmlStr = xml({ "w:p": [{ _attr: { "w:val": "1" } }, { "w:r": [{ "w:t": "Hello" }] }] });
// <w:p w:val="1"><w:r><w:t>Hello</w:t></w:r></w:p>
// Parse XML to JS objects
const parsed = xml2js("<w:t>Hello</w:t>", { compact: false });
// Convert JS objects back to XML
const output = js2xml(parsed);
// Direct conversion (faster than xml → xml2js bridge)
const element = toElement({
"w:p": [{ _attr: { "w:val": "1" } }, { "w:r": [{ "w:t": "Hello" }] }],
});
Serialize JavaScript objects to XML string. Compatible with the xml package.
Parse XML string to JavaScript object. Compatible with xml-js.
Convert JavaScript object (xml-js Element format) to XML string. Compatible with xml-js.
Alias for js2xml.
Convenience function that returns JSON.stringify(xml2js(xmlString, options)).
Direct conversion from xml object format to xml-js Element format. Much faster than the xml() → xml2js() bridge path.
Low-level XML entity escaping functions.
Performance comparison against original xml (1.0.1) and xml-js (1.6.11) packages:
| Scenario | @office-open/xml | xml | Speedup |
|---|---|---|---|
| Simple element | 5,440,771 hz | 805,545 hz | 6.75x |
| Nested element | 1,050,272 hz | 315,184 hz | 3.33x |
| Nested with declaration | 967,945 hz | 275,684 hz | 3.51x |
| Scenario | @office-open/xml | xml-js | Speedup |
|---|---|---|---|
| Simple XML | 869,965 hz | 100,507 hz | 8.66x |
| Complex OOXML | 346,440 hz | 53,621 hz | 6.46x |
| With captureSpaces | 344,586 hz | 52,414 hz | 6.57x |
| Scenario | @office-open/xml | xml-js | Speedup |
|---|---|---|---|
| Simple element | 793,710 hz | 207,730 hz | 3.82x |
| Complex OOXML | 366,515 hz | 135,815 hz | 2.70x |
| Scenario | toElement() | xml() + xml2js() bridge | Speedup |
|---|---|---|---|
| Simple | 15,471,913 hz | 1,073,016 hz | 14.42x |
| Nested | 4,278,499 hz | 441,468 hz | 9.69x |
| @office-open/xml | xml + xml-js | |
|---|---|---|
| gzip | 4.22 kB | ~15 kB |
FAQs
XML parsing and serialization for Office Open XML. Zero dependencies, drop-in replacement for xml + xml-js.
The npm package @office-open/xml receives a total of 594 weekly downloads. As such, @office-open/xml popularity was classified as not popular.
We found that @office-open/xml demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Security News
PolinRider expands across npm, Packagist, Go modules, and Chrome extensions, using hidden loaders to target developer environments.

Security News
Open source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.

Research
/Security News
Malicious Chrome and Firefox extensions posed as free VPNs while stealing clipboard data through later extension updates.