Security News
Research
Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
The parse5 npm package is a fast full-featured specification-compliant HTML parser for Node.js. It allows users to parse HTML documents and manipulate the resulting document tree structure. The package provides a variety of modules for parsing, serializing, and tree adaptation based on the DOM (Document Object Model) interface.
Parsing HTML
This feature allows you to parse an HTML string into a document tree that can be manipulated or queried.
const parse5 = require('parse5');
const html = '<!DOCTYPE html><html><head></head><body>Hi there!</body></html>';
const document = parse5.parse(html);
Serializing Document
This feature enables you to serialize a document tree back into an HTML string.
const parse5 = require('parse5');
const document = parse5.parse('<!DOCTYPE html><html><head></head><body>Hi there!</body></html>');
const html = parse5.serialize(document);
Streaming
This feature allows you to use parse5 in a streaming mode, which is useful for processing large HTML documents without loading them entirely into memory.
const parse5 = require('parse5');
const fs = require('fs');
const file = fs.createReadStream('example.html');
const parser = new parse5.SAXParser();
parser.on('text', (text) => {
console.log(text);
});
file.pipe(parser);
Tree Adapters
This feature allows you to use different tree adapters to interact with the parsed document tree in a way that is compatible with other libraries or your own custom requirements.
const parse5 = require('parse5');
const htmlparser2Adapter = require('parse5-htmlparser2-tree-adapter');
const html = '<!DOCTYPE html><html><head></head><body>Hi there!</body></html>';
const document = parse5.parse(html, { treeAdapter: htmlparser2Adapter });
Cheerio is a fast, flexible, and lean implementation of core jQuery designed specifically for the server. It uses a very similar syntax to jQuery, allowing for manipulation of the elements in the parsed document tree. Cheerio is generally faster than parse5 for querying documents but does not strictly adhere to the HTML5 specification.
jsdom is a pure-JavaScript implementation of many web standards, notably the WHATWG DOM and HTML Standards, for use with Node.js. It creates a DOM environment similar to that provided by web browsers, including a window object. jsdom is more feature-rich than parse5, providing a complete emulation of a web browser's environment, but it is also heavier and slower for simple parsing tasks.
htmlparser2 is a forgiving HTML and XML parser. It is fast and has a simple API, but unlike parse5, it does not strictly adhere to the HTML5 parsing specification. It is suitable for parsing non-standard or malformed HTML.
npm install --save parse5
📖 Documentation 📖
FAQs
HTML parser and serializer.
The npm package parse5 receives a total of 36,078,561 weekly downloads. As such, parse5 popularity was classified as popular.
We found that parse5 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.
Security News
Sonar’s acquisition of Tidelift highlights a growing industry shift toward sustainable open source funding, addressing maintainer burnout and critical software dependencies.