Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
fast-xml-parser
Advanced tools
The fast-xml-parser npm package is a fast and powerful XML parser and validator that can convert XML to a JavaScript object, JSON, or a traversable JS object. It can also convert a JS object to XML. It is designed to be very fast and efficient, and it provides various options to control the XML parsing and validation process.
XML to JSON Conversion
Converts XML data to a JSON object. The 'parse' function takes an XML string and optional options object, and returns a JSON representation of the XML.
const { parse } = require('fast-xml-parser');
const xmlData = '<note><to>User</to><from>Library</from><heading>Reminder</heading><body>Don't forget to subscribe.</body></note>';
const options = {};
const jsonObj = parse(xmlData, options);
JSON to XML Conversion
Converts a JSON object to an XML string. The 'j2xParser' constructor takes an options object, and the 'parse' method converts the JSON object to an XML string.
const { j2xParser } = require('fast-xml-parser');
const parser = new j2xParser({});
const jsonObj = { note: { to: 'User', from: 'Library', heading: 'Reminder', body: 'Don't forget to subscribe.' } };
const xmlData = parser.parse(jsonObj);
XML Validation
Validates the XML string. The 'validate' function checks if the given XML string is well-formed and returns a validation result.
const { validate } = require('fast-xml-parser');
const xmlData = '<note><to>User</to><from>Library</from></note>';
const validationResult = validate(xmlData);
Traversable Object Creation
Creates a traversable JavaScript object from XML. The 'XMLParser' constructor creates a parser instance, and the 'parse' method converts the XML string into a traversable JS object.
const { XMLParser } = require('fast-xml-parser');
const xmlData = '<note><to>User</to><from>Library</from></note>';
const parser = new XMLParser();
const traversableObject = parser.parse(xmlData);
xml2js is a similar npm package that provides XML to JavaScript object conversion. It includes options to customize the parsing process and supports builder options for converting back to XML. Compared to fast-xml-parser, xml2js may be slower but offers a more feature-rich API for handling complex XML structures.
xml-js is another npm package that converts XML text to a JavaScript object and vice versa. It can also convert XML to JSON and supports compact and non-compact modes. While fast-xml-parser focuses on speed, xml-js provides a more extensive set of conversion options.
libxmljs is a Node.js package that provides bindings to the libxml C library. It allows for parsing and serializing XML and includes XPath and XSLT support. It is different from fast-xml-parser in that it is a binding to a native library, which may offer performance benefits and additional XML processing features.
[![NPM quality][quality-image]][quality-url]
Validate XML, Parse XML to JS Object, or Build XML from JS Object without C/C++ based libraries and no callback.
I had recently published a book, The Power Glasses. Please have a look. Your feedback would be helpful. You can mail me for a free copy.
Sponsor this project
The list of users are mostly published by Github or communicated directly. Feel free to contact if you find any information wrong.
<br>
in HTML), stop nodes (Eg <script>
in HTML) are supported.I developed v5 in Apr 2023. And I didn't get the chance to complete all the features. I've ensured that new features don't impact performance. With v5, you have more control on parsing output. Check docs for syntax help and basic understanding.
Please leave a comment in discussion forum for your suggestions and if you really need v5.
To use as package dependency
$ npm install fast-xml-parser
or
$ yarn add fast-xml-parser
To use as system command
$ npm install fast-xml-parser -g
To use it on a webpage include it from a CDN
Example
As CLI command
$ fxparser some.xml
In a node js project
const { XMLParser, XMLBuilder, XMLValidator} = require("fast-xml-parser");
const parser = new XMLParser();
let jObj = parser.parse(XMLdata);
const builder = new XMLBuilder();
const xmlContent = builder.build(jObj);
In a HTML page
<script src="path/to/fxp.min.js"></script>
:
<script>
const parser = new fxparser.XMLParser();
parser.parse(xmlContent);
</script>
Bundle size
Bundle Name | Size |
---|---|
fxbuilder.min.js | 6.5K |
fxparser.min.js | 20K |
fxp.min.js | 26K |
fxvalidator.min.js | 5.7K |
v3 | v4 | v5 |
documents |
note: version 5 is released with version 4 tfor experimental use. Based on it's demand, it'll be developed and the features can be different in final release.
negative means error
Usage Trend of fast-xml-parser
This project exists thanks to all the people who contribute. [Contribute].
Thank you to all our backers! 🙏 [Become a backer]
FAQs
Validate XML, Parse XML, Build XML without C/C++ based libraries
The npm package fast-xml-parser receives a total of 21,629,164 weekly downloads. As such, fast-xml-parser popularity was classified as popular.
We found that fast-xml-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.