Security News
CVE Volume Surges Past 48,000 in 2025 as WordPress Plugin Ecosystem Drives Growth
CVE disclosures hit a record 48,185 in 2025, driven largely by vulnerabilities in third-party WordPress plugins.
By Sarah Gooding - Jan 09, 2026
html-url-attributes
Advanced tools
html-url-attributes
Utility with info on URL attributes.
Contents
- What is this?
- When should I use this?
- Install
- Use
- API
- Syntax
- Syntax tree
- Types
- Compatibility
- Security
- Contribute
- License
What is this?
This package contains info on attributes that have URLs as values.
When should I use this?
You can use this package any time you’re rewriting URLs.
Install
This package is ESM only. In Node.js (version 16+), install with npm:
npm install html-url-attributes
In Deno with esm.sh:
import {urlAttributes} from 'https://esm.sh/html-url-attributes@3'
In browsers with esm.sh:
<script type="module">
import {urlAttributes} from 'https://esm.sh/html-url-attributes@3?bundle'
</script>
Use
import {urlAttributes} from 'html-url-attributes'
console.log(urlAttributes.formAction)
//=> ['button', 'input']
console.log(urlAttributes.href)
//=> ['a', 'area', 'base', 'link']
API
This package exports the identifier
urlAttributes.
There is no default export.
urlAttributes
HTML URL properties (Record<string, Array<string> | null>).
Each key is a property name and each value is a list of tag names it applies
to or null if it applies to all elements.
Syntax
HTML is parsed according to WHATWG HTML (the living standard), which is also followed by all browsers.
Syntax tree
The syntax tree used is hast.
Types
This package is fully typed with TypeScript.
Compatibility
Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of
Node.
This means we try to keep the current release line,
html-url-attributes@^3,
compatible with Node.js 16.
Security
As rehype works on HTML and improper use of HTML can open you up to a
cross-site scripting (XSS) attack, use of rehype can also be unsafe.
Use rehype-sanitize to make the tree safe.
Contribute
See contributing.md in rehypejs/.github for ways
to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organization, or community you agree to abide by its terms.
License
FAQs
Map of URL attributes in HTML
The npm package html-url-attributes receives a total of 3,240,478 weekly downloads. As such, html-url-attributes popularity was classified as popular.
We found that html-url-attributes demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 27 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Insecure Agents Podcast: Certified Patches, Supply Chain Security, and AI Agents
Socket CEO Feross Aboukhadijeh joins Insecure Agents to discuss CVE remediation and why supply chain attacks require a different security approach.
By Sarah Gooding - Jan 08, 2026
Security News
Tailwind CSS Announces 75% Layoffs as LLMs Reshape OSS Business Models
Tailwind Labs laid off 75% of its engineering team after revenue dropped 80%, as LLMs redirect traffic away from documentation where developers discover paid products.
By Sarah Gooding - Jan 08, 2026