
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
fast-xml-parser
Advanced tools
[![NPM quality][quality-image]][quality-url]
Validate XML, Parse XML to JS Object, or Build XML from JS Object without C/C++ based libraries and no callback.
Checkout our new library Text2Chart that constructs flow chart out of simple text. Very helpful in creating or alayzing an algorithm, and documentation purpose
Sponsor this project

This is a donation. No goods or services are expected in return. Any requests for refunds for those purposes will be rejected.
The list of users are mostly published by Github or communicated directly. Feel free to contact if you find any information wrong.
<br> in HTML), stop nodes (Eg <script> in HTML) are supported.I developed v5 in Apr 2023. And I didn't get the chance to complete all the features. I've ensured that new features don't impact performance. With v5, you have more control on parsing output. Check docs for syntax help and basic understanding.
Please leave a comment in discussion forum for your suggestions and if you really need v5.
To use as package dependency
$ npm install fast-xml-parser
or
$ yarn add fast-xml-parser
To use as system command
$ npm install fast-xml-parser -g
To use it on a webpage include it from a CDN
Example
As CLI command
$ fxparser some.xml
In a node js project
const { XMLParser, XMLBuilder, XMLValidator} = require("fast-xml-parser");
const parser = new XMLParser();
let jObj = parser.parse(XMLdata);
const builder = new XMLBuilder();
const xmlContent = builder.build(jObj);
In a HTML page
<script src="path/to/fxp.min.js"></script>
:
<script>
const parser = new fxparser.XMLParser();
parser.parse(xmlContent);
</script>
Bundle size
| Bundle Name | Size |
|---|---|
| fxbuilder.min.js | 6.5K |
| fxparser.min.js | 20K |
| fxp.min.js | 26K |
| fxvalidator.min.js | 5.7K |
| v3 | v4 | v5 |
| documents |
note: version 5 is released with version 4 tfor experimental use. Based on it's demand, it'll be developed and the features can be different in final release.
negative means error
* Y-axis: requests per second
Usage Trend of fast-xml-parser
This project exists thanks to all the people who contribute. [Contribute].
Thank you to all our backers! 🙏 [Become a backer]

xml2js is a similar npm package that provides XML to JavaScript object conversion. It includes options to customize the parsing process and supports builder options for converting back to XML. Compared to fast-xml-parser, xml2js may be slower but offers a more feature-rich API for handling complex XML structures.
xml-js is another npm package that converts XML text to a JavaScript object and vice versa. It can also convert XML to JSON and supports compact and non-compact modes. While fast-xml-parser focuses on speed, xml-js provides a more extensive set of conversion options.
libxmljs is a Node.js package that provides bindings to the libxml C library. It allows for parsing and serializing XML and includes XPath and XSLT support. It is different from fast-xml-parser in that it is a binding to a native library, which may offer performance benefits and additional XML processing features.
FAQs
Validate XML, Parse XML, Build XML without C/C++ based libraries
The npm package fast-xml-parser receives a total of 73,010,595 weekly downloads. As such, fast-xml-parser popularity was classified as popular.
We found that fast-xml-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.