Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
libxml2-wasm
Advanced tools
libxml2-wasm
Disclaimer
Current version is for feasibility/performance evaluation only
The api may have breaking changes in patch versions.
Why another xml lib?
Compiling C library libxml2 to WebAssembly brings benefits of both pure javascript implementation or native addons, and avoided their drawbacks:
- Good performance: the string api has a comparable performance to the native addons, and much better than pure javascript implementations; the buffer api(no string conversion) has an impressive performance in the benchmark.
- Better compatibility: don't need to compile to every platform, nodeJs version, or dependency libraries(e.g. glibc); and supports browsers too.
- Comprehensive functionality(To be finished): backed by libxml2, we just need some wrappers being callable by javascript.
Documentation
https://jameslan.github.io/libxml2-wasm/index.html
Supported Environments
This library uses ES Module and top level await, so it require the following environment.
| Environment | Version |
|---|---|
| NodeJs | v14.8+ |
| Chrome | V89+ |
| Edge | V89+ |
| Safari | v15+ |
Benchmark
To run the benchmark, build the lib first,
npm ci && npm run build
Then run test in benchmark directory,
cd benchmark && npm ci
npm test
libxmljs2 is js binding to native library libxml2; while fast-xml and xmldoc are pure javascript implementations.
Environment: NodeJs v18.17.1 on Darwin x64 Intel(R) Core(TM) i9-9880H CPU @ 2.30GHz
Running "fixtures/small.xml: 787 bytes" suite...
Progress: 100%
libxml2-wasm:
64 645 ops/s, ±1.22% | 44.35% slower
libxml2-wasm(buffer api):
116 157 ops/s, ±0.67% | fastest
libxmljs2:
28 240 ops/s, ±9.20% | 75.69% slower
fast-xml-parser:
18 091 ops/s, ±7.90% | 84.43% slower
xmldoc:
14 310 ops/s, ±1.88% | slowest, 87.68% slower
Running "fixtures/medium.xml: 35562 bytes" suite...
Progress: 100%
libxml2-wasm:
2 706 ops/s, ±0.79% | 73.57% slower
libxml2-wasm(buffer api):
10 237 ops/s, ±0.48% | fastest
libxmljs2:
4 779 ops/s, ±8.57% | 53.32% slower
fast-xml-parser:
995 ops/s, ±2.09% | 90.28% slower
xmldoc:
844 ops/s, ±1.33% | slowest, 91.76% slower
Running "fixtures/large.xml: 2337522 bytes" suite...
Progress: 100%
libxml2-wasm:
22 ops/s, ±1.29% | 37.14% slower
libxml2-wasm(buffer api):
35 ops/s, ±0.88% | fastest
libxmljs2:
21 ops/s, ±14.92% | 40% slower
fast-xml-parser:
6 ops/s, ±5.99% | 82.86% slower
xmldoc:
4 ops/s, ±3.67% | slowest, 88.57% slower
FAQs
WebAssembly-based libxml2 javascript wrapper
The npm package libxml2-wasm receives a total of 2,408 weekly downloads. As such, libxml2-wasm popularity was classified as popular.
We found that libxml2-wasm demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 15 Oct 2023
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025