Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
html-dom-parser
Advanced tools
The html-dom-parser npm package is designed to parse HTML strings into DOM nodes and vice versa, making it easier to manipulate, traverse, and work with HTML content programmatically in JavaScript environments. It is particularly useful for server-side rendering, web scraping, and building web crawlers or SEO tools.
Parsing HTML string to DOM nodes
This feature allows you to convert an HTML string into DOM nodes, enabling programmatic manipulation of the resulting structure. It's useful for extracting information from HTML content or preparing it for further processing.
const parse = require('html-dom-parser');
const domNodes = parse('<div><p>Hello World</p></div>');
Converting DOM nodes back to HTML string
This functionality allows you to take DOM nodes (possibly after manipulation) and convert them back into an HTML string. This is particularly useful for generating HTML content dynamically or modifying existing HTML content programmatically.
const domToHtml = require('html-dom-parser').domToHtml;
const htmlString = domToHtml([{ type: 'tag', name: 'div', children: [{ type: 'tag', name: 'p', children: [{ type: 'text', data: 'Hello World' }] }] }]);
Cheerio is a fast, flexible, and lean implementation of core jQuery designed specifically for the server. It provides a simpler API for parsing, manipulating, and rendering DOM structures. Compared to html-dom-parser, Cheerio offers a more jQuery-like syntax and additional manipulation capabilities, making it more suitable for complex DOM manipulation tasks.
jsdom is a pure-JavaScript implementation of many web standards, notably the WHATWG DOM and HTML Standards, for use with Node.js. It simulates a web browser's environment, allowing you to interact with the DOM as if you were in the browser. jsdom is more comprehensive than html-dom-parser, providing a complete simulated browser environment, making it ideal for testing web pages and running web pages or applications in a Node.js environment.
An isomorphic HTML to DOM parser:
Parser(string[, options])
The parser converts an HTML string to a JavaScript object that describes the DOM tree.
NPM:
npm install --save html-dom-parser
Yarn:
yarn add html-dom-parser
CDN:
<script src="https://unpkg.com/html-dom-parser@latest/dist/html-dom-parser.js"></script>
Import parser:
// server
var Parser = require('html-dom-parser');
// client
var Parser = window.HTMLDOMParser;
Parse input:
Parser('<p>Hello, world!</p>');
Return output:
[ { type: 'tag',
name: 'p',
attribs: {},
children:
[ { data: 'Hello, world!',
type: 'text',
next: null,
prev: null,
parent: [Circular] } ],
next: null,
prev: null,
parent: null } ]
The server parser is a wrapper of htmlparser2's parseDOM()
and the client parser uses the browser's DOM API to mimic the output of the server parser.
$ npm test
$ npm run lint
FAQs
HTML to DOM parser.
The npm package html-dom-parser receives a total of 1,337,164 weekly downloads. As such, html-dom-parser popularity was classified as popular.
We found that html-dom-parser demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.