Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
libxml2-wasm
Advanced tools
libxml2-wasm
Disclaimer
Current version is for feasibility/performance evaluation only
The api may have breaking changes in patch versions.
Why another xml lib?
Compiling C library libxml2 to WebAssembly brings benefits of both pure javascript implementation or native addons, and avoided their drawbacks:
- Good performance: roughly same as the native addons, and much better than pure javascript implementations
- Better compatibility: don't need to compile to every platform, nodeJs version, or dependency libraries(e.g. glibc); and supports browsers too.
- Comprehensive functionality(To be finished): backed by libxml2, we just need some wrappers being callable by javascript.
Documentation
https://jameslan.github.io/libxml2-wasm/index.html
Supported Environments
This library uses ES Module and top level await, so it require the following environment.
| Environment | Version |
|---|---|
| NodeJs | v14.8+ |
| Chrome | V89+ |
| Edge | V89+ |
| Safari | v15+ |
Benchmark
To run the benchmark, build the lib first,
npm ci && npm run build
Then run test in benchmark directory,
cd benchmark && npm ci
npm test
libxmljs2 is js binding to native library libxml2; while fast-xml and xmldoc are pure javascript implementations.
Environment: NodeJs v18.17.1 on Darwin x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
Running "fixtures/small.xml: 787 chars" suite...
Progress: 100%
libxml2-wasm:
59 122 ops/s, ±3.49% | fastest
libxmljs2:
20 392 ops/s, ±10.93% | 65.51% slower
fast-xml-parser:
15 433 ops/s, ±6.45% | 73.9% slower
xmldoc:
12 842 ops/s, ±4.01% | slowest, 78.28% slower
Running "fixtures/medium.xml: 35562 chars" suite...
Progress: 100%
libxml2-wasm:
2 294 ops/s, ±3.21% | 32.75% slower
libxmljs2:
3 411 ops/s, ±10.12% | fastest
fast-xml-parser:
845 ops/s, ±3.29% | 75.23% slower
xmldoc:
720 ops/s, ±2.75% | slowest, 78.89% slower
Running "fixtures/large.xml: 2337522 chars" suite...
Progress: 100%
libxml2-wasm:
18 ops/s, ±3.66% | fastest
libxmljs2:
12 ops/s, ±28.60% | 33.33% slower
fast-xml-parser:
6 ops/s, ±6.83% | 66.67% slower
xmldoc:
4 ops/s, ±8.64% | slowest, 77.78% slower
FAQs
WebAssembly-based libxml2 javascript wrapper
The npm package libxml2-wasm receives a total of 2,408 weekly downloads. As such, libxml2-wasm popularity was classified as popular.
We found that libxml2-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 12 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025