Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The fast, flexible & elegant library for parsing and manipulating HTML and XML.
Cheerio is a fast, flexible, and lean implementation of core jQuery designed specifically for the server. It allows users to manipulate and traverse HTML documents with a familiar jQuery-like API in a Node.js environment.
HTML Parsing
Cheerio can parse HTML and allows you to select and manipulate HTML elements in a way similar to jQuery.
const cheerio = require('cheerio');
const $ = cheerio.load('<h2 class="title">Hello world</h2>');
$('h2.title').text('Hello there!');
$('h2').addClass('welcome');
console.log($.html());
DOM Traversal
Cheerio provides methods to traverse the DOM tree, such as selecting elements by class, id, or tag name.
const cheerio = require('cheerio');
const $ = cheerio.load('<ul id="fruits"><li class="apple">Apple</li><li class="orange">Orange</li></ul>');
$('.apple', '#fruits').text();
$('ul .apple').attr('class');
DOM Manipulation
Cheerio allows you to manipulate the DOM by adding, removing, or modifying elements and their attributes.
const cheerio = require('cheerio');
const $ = cheerio.load('<ul id="fruits"></ul>');
$('#fruits').append('<li>Banana</li>');
$('#fruits').prepend('<li>Apple</li>');
$('#fruits').after('<p>Nothing to see here</p>');
jsdom is a pure-JavaScript implementation of many web standards, notably the WHATWG DOM and HTML Standards. It is more heavyweight than cheerio as it aims to provide a complete browsing environment, but it is useful for more complex scenarios where a full DOM API is needed.
Puppeteer is a Node library which provides a high-level API to control Chrome or Chromium over the DevTools Protocol. It is different from cheerio as it allows for browser automation, including but not limited to DOM manipulation, and is capable of rendering and screenshotting web pages.
import * as cheerio from 'cheerio';
const $ = cheerio.load('<h2 class="title">Hello world</h2>');
$('h2.title').text('Hello there!');
$('h2').addClass('welcome');
$.html();
//=> <html><head></head><body><h2 class="title welcome">Hello there!</h2></body></html>
npm install cheerio
❤ Proven syntax: Cheerio implements a subset of core jQuery. Cheerio removes all the DOM inconsistencies and browser cruft from the jQuery library, revealing its truly gorgeous API.
ϟ Blazingly fast: Cheerio works with a very simple, consistent DOM model. As a result parsing, manipulating, and rendering are incredibly efficient.
❁ Incredibly flexible: Cheerio wraps around parse5 for parsing HTML and can optionally use the forgiving htmlparser2. Cheerio can parse nearly any HTML or XML document. Cheerio works in both browser and server environments.
First you need to load in the HTML. This step in jQuery is implicit, since jQuery operates on the one, baked-in DOM. With Cheerio, we need to pass in the HTML document.
// ESM or TypeScript:
import * as cheerio from 'cheerio';
// In other environments:
const cheerio = require('cheerio');
const $ = cheerio.load('<ul id="fruits">...</ul>');
$.html();
//=> <html><head></head><body><ul id="fruits">...</ul></body></html>
Once you've loaded the HTML, you can use jQuery-style selectors to find elements within the document.
selector
searches within the context
scope which searches within the root
scope. selector
and context
can be a string expression, DOM Element, array
of DOM elements, or cheerio object. root
, if provided, is typically the HTML
document string.
This selector method is the starting point for traversing and manipulating the document. Like in jQuery, it's the primary method for selecting elements in the document.
$('.apple', '#fruits').text();
//=> Apple
$('ul .pear').attr('class');
//=> pear
$('li[class=orange]').html();
//=> Orange
When you're ready to render the document, you can call the html
method on the
"root" selection:
$.root().html();
//=> <html>
// <head></head>
// <body>
// <ul id="fruits">
// <li class="apple">Apple</li>
// <li class="orange">Orange</li>
// <li class="pear">Pear</li>
// </ul>
// </body>
// </html>
If you want to render the
outerHTML
of a selection, you can use the outerHTML
prop:
$('.pear').prop('outerHTML');
//=> <li class="pear">Pear</li>
You may also render the text content of a Cheerio object using the text
method:
const $ = cheerio.load('This is <em>content</em>.');
$('body').text();
//=> This is content.
Cheerio collections are made up of objects that bear some resemblance to browser-based DOM nodes. You can expect them to define the following properties:
tagName
parentNode
previousSibling
nextSibling
nodeValue
firstChild
childNodes
lastChild
This video tutorial is a follow-up to Nettut's "How to Scrape Web Pages with Node.js and jQuery", using cheerio instead of JSDOM + jQuery. This video shows how easy it is to use cheerio and how much faster cheerio is than JSDOM + jQuery.
Are you using cheerio in production? Add it to the wiki!
Does your company use Cheerio in production? Please consider sponsoring this project! Your help will allow maintainers to dedicate more time and resources to its development and support.
Headlining Sponsors
Other Sponsors
Become a backer to show your support for Cheerio and help us maintain and improve this open source project.
MIT
FAQs
The fast, flexible & elegant library for parsing and manipulating HTML and XML.
The npm package cheerio receives a total of 7,568,768 weekly downloads. As such, cheerio popularity was classified as popular.
We found that cheerio demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.