Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
The domutils package is a utility library for working with DOM elements in Node.js. It provides a variety of functions to manipulate and traverse the DOM, extract information, and convert between different formats.
Manipulating the DOM
This feature allows you to manipulate DOM elements by appending children or removing elements.
const { append, removeElement } = require('domutils');
const dom = [{ type: 'tag', name: 'div' }];
const child = { type: 'tag', name: 'span' };
append(dom[0], child);
removeElement(child);
Traversing the DOM
This feature provides functions to traverse the DOM and find elements based on a predicate function.
const { findOne, findAll } = require('domutils');
const dom = [{ type: 'tag', name: 'div', children: [{ type: 'tag', name: 'span' }] }];
const span = findOne(elem => elem.name === 'span', dom);
const allDivs = findAll(elem => elem.name === 'div', dom);
Extracting information
This feature allows you to extract information such as text content from DOM elements.
const { getText } = require('domutils');
const dom = [{ type: 'text', data: 'Hello World' }];
const text = getText(dom);
Converting between formats
This feature enables you to convert DOM elements to other formats, such as HTML strings.
const { getOuterHTML } = require('domutils');
const dom = [{ type: 'tag', name: 'div', children: [{ type: 'text', data: 'Hello World' }] }];
const html = getOuterHTML(dom);
Cheerio is a fast, flexible, and lean implementation of core jQuery designed specifically for the server. It provides a simpler API for manipulating the DOM compared to domutils and is often used for web scraping and server-side DOM manipulation.
jsdom is a pure-JavaScript implementation of many web standards, notably the WHATWG DOM and HTML Standards. It is more comprehensive than domutils, creating a whole web page environment, and is often used for testing web pages and running scripts as if they were in a browser.
parse5 is an HTML parsing/serialization toolset for Node.js that adheres to the HTML5 specification. Unlike domutils, which provides utilities for manipulating a DOM structure, parse5 focuses on parsing and serializing HTML documents.
Utilities for working with htmlparser2's DOM.
All functions are exported as a single module. Look through the docs to see what is available.
Name | Description |
---|---|
htmlparser2 | Fast & forgiving HTML/XML parser |
domhandler | Handler for htmlparser2 that turns documents into a DOM |
domutils | Utilities for working with domhandler's DOM |
css-select | CSS selector engine, compatible with domhandler's DOM |
cheerio | The jQuery API for domhandler's DOM |
dom-serializer | Serializer for domhandler's DOM |
License: BSD-2-Clause
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
domutils
for enterpriseAvailable as part of the Tidelift Subscription
The maintainers of domutils
and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. Learn more.
FAQs
Utilities for working with htmlparser2's dom
The npm package domutils receives a total of 20,981,797 weekly downloads. As such, domutils popularity was classified as popular.
We found that domutils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.