Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
feedparser
Advanced tools
Feedparser is for parsing RSS, Atom, and RDF feeds in node.js.
It has a couple features you don't usually see in other feed parsers:
npm install feedparser
This example is just to briefly demonstrate basic concepts.
Please also review the complete example for a thorough working example that is a suitable starting point for your app.
var FeedParser = require('feedparser');
var fetch = require('node-fetch'); // for fetching the feed
var req = fetch('http://somefeedurl.xml')
var feedparser = new FeedParser([options]);
req.then(function (res) {
if (res.status !== 200) {
throw new Error('Bad status code');
}
else {
// The response `body` -- res.body -- is a stream
res.body.pipe(feedparser);
}
}, function (err) {
// handle any request errors
});
feedparser.on('error', function (error) {
// always handle errors
});
feedparser.on('readable', function () {
// This is where the action is!
var stream = this; // `this` is `feedparser`, which is a stream
var meta = this.meta; // **NOTE** the "meta" is always available in the context of the feedparser instance
var item;
while (item = stream.read()) {
console.log(item);
}
});
You can also check out this nice working implementation that demonstrates one way to handle all the hard and annoying stuff. :smiley:
normalize
- Set to false
to override Feedparser's default behavior,
which is to parse feeds into an object that contains the generic properties
patterned after (although not identical to) the RSS 2.0 format, regardless
of the feed's format.
addmeta
- Set to false
to override Feedparser's default behavior, which
is to add the feed's meta
information to each article.
feedurl
- The url (string) of the feed. FeedParser is very good at
resolving relative urls in feeds. But some feeds use relative urls without
declaring the xml:base
attribute any place in the feed. This is perfectly
valid, but we don't know know the feed's url before we start parsing the feed
and trying to resolve those relative urls. If we discover the feed's url, we
will go back and resolve the relative urls we've already seen, but this takes
a little time (not much). If you want to be sure we never have to re-resolve
relative urls (or if FeedParser is failing to properly resolve relative urls),
you should set the feedurl
option. Otherwise, feel free to ignore this option.
resume_saxerror
- Set to false
to override Feedparser's default behavior, which
is to emit any SAXError
on error
and then automatically resume parsing. In
my experience, SAXErrors
are not usually fatal, so this is usually helpful
behavior. If you want total control over handling these errors and optionally
aborting parsing the feed, use this option.
See the examples
directory.
Feedparser is a transform stream operating in "object mode": XML in -> Javascript objects out. Each readable chunk is an object representing an article in the feed.
meta
- called with feed meta
when it has been parsederror
- called with error
whenever there is a Feedparser error of any kind (SAXError, Feedparser error, etc.)Feedparser parses each feed into a meta
(emitted on the meta
event) portion
and one or more articles
(emited on the data
event or readable after the readable
is emitted).
Regardless of the format of the feed, the meta
and each article
contain a
uniform set of generic properties patterned after (although not identical to)
the RSS 2.0 format, as well as all of the properties originally contained in the
feed. So, for example, an Atom feed may have a meta.description
property, but
it will also have a meta['atom:subtitle']
property.
The purpose of the generic properties is to provide the user a uniform interface
for accessing a feed's information without needing to know the feed's format
(i.e., RSS versus Atom) or having to worry about handling the differences
between the formats. However, the original information is also there, in case
you need it. In addition, Feedparser supports some popular namespace extensions
(or portions of them), such as portions of the itunes
, media
, feedburner
and pheedo
extensions. So, for example, if a feed article contains either an
itunes:image
or media:thumbnail
, the url for that image will be contained in
the article's image.url
property.
All generic properties are "pre-initialized" to null
(or empty arrays or
objects for certain properties). This should save you from having to do a lot of
checking for undefined
, such as, for example, when you are using jade
templates.
In addition, all properties (and namespace prefixes) use only lowercase letters, regardless of how they were capitalized in the original feed. ("xmlUrl" and "pubDate" also are still used to provide backwards compatibility.) This decision places ease-of-use over purity -- hopefully, you will never need to think about whether you should camelCase "pubDate" ever again.
The title
and description
properties of meta
and the title
property of
each article
have any HTML stripped if you let feedparser normalize the output.
If you really need the HTML in those elements, there are always the originals:
e.g., meta['atom:subtitle']['#']
.
url
and title
properties)link
property, origlink
contains the original link)guid
field and the isPermalink
attribute is not set to false
, permalink
contains the value of guid
)url
and title
properties)url
and title
properties pointing to the original source for an article; see the RSS Spec for an explanation of this element)url
property and possibly type
and length
properties)article
emissions)View all the contributors.
Although node-feedparser
no longer shares any code with node-easyrss
, it was
the original inspiration and a starting point.
(The MIT License)
Copyright (c) 2011-2020 Dan MacTough and contributors
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
Robust RSS Atom and RDF feed parsing using sax js
We found that feedparser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.