libxml-to-js
This is an XML to JavaScript object parser. It uses the libxmljs module for the actual XML parsing. It aims to be an easy xml2js v1 replacement, but it doesn't follow the xml2js API.
libxml-to-js uses the string parser method of libxmljs. It is basically a modified version of the algorithm from here, adapted to fit the formal specifications of xml2js output.
    npm install libxml-to-js
The installation of the underlying dependency, libxmljs, fails if you don't have gcc (or compatible compiler), the libxml2 development headers, and the xml2-config script. Under various Linux distributions you may install the appropriate libxml2 development package: libxml2-dev (Debian, Ubuntu, etc), libxml2-devel (RHEL, CentOS, Fedora, etc).
    var parser = require('libxml-to-js');
    var xml = 'xml string';
    parser(xml, function (error, result) {
        if (error) {
            console.error(error);
        } else {
            console.log(result);
        }
    });
With XPath query:
    parser(xml, '//xpath/query', function (error, result) {
        if (error) {
            console.error(error);
        } else {
            console.log(result);
        }
    });
Because libxmljs does not have any method for returning the namespace attributes of a specific element, namespaces are not returned as expected.
Example from the WordPress RSS 2 feed:
    <?xml version="1.0" encoding="UTF-8"?>
    <rss version="2.0"
        xmlns:content="http://purl.org/rss/1.0/modules/content/"
        xmlns:wfw="http://wellformedweb.org/CommentAPI/"
        xmlns:dc="http://purl.org/dc/elements/1.1/"
        xmlns:atom="http://www.w3.org/2005/Atom"
        xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
        xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
    >
        <!-- the rest of the doc -->
    </rss>
is parsed as:
    { '@':
       { version: '2.0',
         xmlns:
          { atom: 'http://www.w3.org/2005/Atom',
            sy: 'http://purl.org/rss/1.0/modules/syndication/',
            dc: 'http://purl.org/dc/elements/1.1/',
            content: 'http://purl.org/rss/1.0/modules/content/',
            wfw: 'http://wellformedweb.org/CommentAPI/',
            slash: 'http://purl.org/rss/1.0/modules/slash/' } },
      // the rest of the doc
    }
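The xmlns map in that output can be used to resolve prefixes to URIs and to check that a document binds well-known prefixes to the URIs a consumer expects, since matching on the prefix alone trusts whatever the document declares. This is an added example, not part of libxml-to-js or its README: namespaceMap, resolveQName, mismatchedBindings and EXPECTED are hypothetical names, and the sample object is constructed in the root-level shape shown above.

```javascript
// Constructed sample in the root-level shape shown above (not real parser output).
const parsedRoot = {
  '@': {
    version: '2.0',
    xmlns: {
      atom: 'http://www.w3.org/2005/Atom',
      dc: 'http://purl.org/dc/elements/1.1/',
      content: 'http://purl.org/rss/1.0/modules/content/'
    }
  }
};

// Hypothetical helper: build a prefix -> URI Map from result['@'].xmlns.
function namespaceMap(result) {
  const xmlns = result && result['@'] && result['@'].xmlns;
  if (!xmlns || typeof xmlns !== 'object') return new Map();
  return new Map(Object.entries(xmlns).filter(([, uri]) => typeof uri === 'string'));
}

// Hypothetical helper: resolve 'prefix:local' against the declared namespaces.
// Unprefixed names get uri null; an undeclared prefix is an error, not a guess.
function resolveQName(result, qname) {
  const idx = qname.indexOf(':');
  if (idx === -1) return { uri: null, local: qname };
  const prefix = qname.slice(0, idx);
  const local = qname.slice(idx + 1);
  const declared = namespaceMap(result);
  if (!prefix || !local || !declared.has(prefix)) {
    throw new Error('Unresolvable qualified name: ' + qname);
  }
  return { uri: declared.get(prefix), local };
}

// Hypothetical helper: list prefixes the document binds to a URI other than
// the one the caller expects (the expected map is the caller's allow-list).
function mismatchedBindings(result, expected) {
  const declared = namespaceMap(result);
  return Object.keys(expected).filter(
    (prefix) => declared.has(prefix) && declared.get(prefix) !== expected[prefix]
  );
}

const EXPECTED = {
  dc: 'http://purl.org/dc/elements/1.1/',
  atom: 'http://www.w3.org/2005/Atom'
};
console.log(resolveQName(parsedRoot, 'dc:creator'));
console.log(mismatchedBindings(parsedRoot, EXPECTED));
```

The README only shows the namespace map on the root element, so the helpers assume declarations are read from there.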
FAQs
XML to JavaScript object parser based on libxmljs
The npm package libxml-to-js receives a total of 320 weekly downloads. As such, libxml-to-js popularity was classified as not popular.
We found that libxml-to-js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.