Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
sitemap-generator
Advanced tools
Easily create XML sitemaps for your website.
Generates a sitemap by crawling your site. Uses streams to efficiently write the sitemap to your drive and runs asynchronously to avoid blocking the thread. Is cappable of creating multiple sitemaps if threshold is reached. Respects robots.txt and meta tags.
This package is not meant to be used in a production code base directly, but rather on the deployed product. This means you develop your app/website as usual, deploy it and create the sitemap with this tool afterwards. The simplest way is to use the CLI (this is a different package!) to create the sitemap on the command line. If you have a more advanced usecase or want to adjust the crawler behavior you should use the programmtic version (this package). Create the crawler as needed and simply run it via node mycrawler.js
.
This module is available on npm.
$ npm install -S sitemap-generator
This module is running only with Node.js and is not meant to be used in the browser.
const SitemapGenerator = require('sitemap-generator');
// create generator
const generator = SitemapGenerator('http://example.com', {
stripQuerystring: false
});
// register event listeners
generator.on('done', () => {
// sitemaps created
});
// start the crawler
generator.start();
The crawler will fetch all folder URL pages and file types parsed by Google. If present the robots.txt
will be taken into account and possible rules are applied for each URL to consider if it should be added to the sitemap. Also the crawler will not fetch URL's from a page if the robots meta tag with the value nofollow
is present and ignore them completely if noindex
rule is present. The crawler is able to apply the base
value to found links.
The generator offers straightforward methods to start and stop it. You can also add URL's manually.
Starts crawler asynchronously and writes sitemap to disk.
Stops the running crawler and halts the sitemap generation.
Returns the crawler instance. For more information about the crawler check the simplecrawler docs.
This can be useful to ignore certain sites and don't add them to the sitemap.
const crawler = generator.getCrawler();
crawler.addFetchCondition((queueItem, referrerQueueItem, callback) => {
callback(null, !queueItem.path.match(/myregex/));
});
Returns the sitemap instance (SitemapRotator
).
This can be useful to add static URLs to the sitemap:
const crawler = generator.getCrawler()
const sitemap = generator.getSitemap()
// Add static URL on crawl init.
crawler.on('crawlstart', () => {
sitemap.addURL('/my/static/url')
})
Add a URL to crawler's queue. Useful to help crawler fetch pages it can't find itself.
There are a couple of options to adjust the sitemap output. In addition to the options beneath the options of the used crawler can be changed. For a complete list please check it's official documentation.
var generator = SitemapGenerator('http://example.com', {
maxDepth: 0,
filepath: './sitemap.xml',
maxEntriesPerFile: 50000,
stripQuerystring: true
});
Type: string
Default: undefined
If defined, adds a <changefreq>
line to each URL in the sitemap. Possible values are always
, hourly
, daily
, weekly
, monthly
, yearly
, never
. All other values are ignored.
Type: string
Default: ./sitemap.xml
Filepath for the new sitemap. If multiple sitemaps are created "part_$index" is appended to each filename. If you don't want to write a file at all you can pass null
as filepath.
Type: HTTPAgent
Default: http.globalAgent
Controls what HTTP agent to use. This is useful if you want configure HTTP connection through a HTTP/HTTPS proxy (see http-proxy-agent).
Type: HTTPAgent
Default: https.globalAgent
Controls what HTTPS agent to use. This is useful if you want configure HTTPS connection through a HTTP/HTTPS proxy (see https-proxy-agent).
Apply a test condition to a URL before it's added to the sitemap.
Type: function
Default: null
Example:
const generator = SitemapGenerator(url, {
ignore: url => {
// Prevent URLs from being added that contain `<pattern>`.
return /<pattern>/g.test(url)
}
})
Type: boolean
Default: true
Indicates whether Google AMP pages should be ignored and not be added to the sitemap.
Type: boolean
Default: false
Whether to add a <lastmod>
line to each URL in the sitemap. If present the responses Last-Modified
header will be used. Otherwise todays date is added.
Type: number
Default: 50000
Google limits the maximum number of URLs in one sitemap to 50000. If this limit is reached the sitemap-generator creates another sitemap. A sitemap index file will be created as well.
Type: array
Default: []
If provided, adds a <priority>
line to each URL in the sitemap. Each value in priorityMap array corresponds with the depth of the URL being added. For example, the priority value given to a URL equals priorityMap[depth - 1]
. If a URL's depth is greater than the length of the priorityMap array, the last value in the array will be used. Valid values are between 1.0
and 0.0
.
Example:
[1.0, 0.8, 0.6, 0.4, 0.2, 0]
Type: string
Default: Node/SitemapGenerator
Change the default crawler user agent.
The Sitemap Generator emits several events which can be listened to.
add
Triggered when the crawler successfully added a resource to the sitemap. Passes the url as argument.
generator.on('add', (url) => {
// log url
});
done
Triggered when the crawler finished and the sitemap is created.
generator.on('done', () => {
// sitemaps created
});
error
Thrown if there was an error while fetching an URL. Passes an object with the http status code, a message and the url as argument.
generator.on('error', (error) => {
console.log(error);
// => { code: 404, message: 'Not found.', url: 'http://example.com/foo' }
});
ignore
If an URL matches a disallow rule in the robots.txt
file or meta robots noindex is present this event is triggered. The URL will not be added to the sitemap. Passes the ignored url as argument.
generator.on('ignore', (url) => {
// log ignored url
});
This package don't care what frameworks and technologies you are using under the hood. The only requirement is, that your URL's return valid HTML. Therefore SSR (server side rendering) is required for single page apps as no JavaScript is executed.
This is basically up to you. You can execute this code manually and upload your sitemap by hand, or you can put this on your server and run this periodically to keep your sitemap up to date.
The CLI should suffice most of the common use cases. It has several options to tweak in case you want it to behave differently. If your use case is more advanced and you need fine control about what the crawler should fetch, you should use this package and the programmatic API.
FAQs
Easily create XML sitemaps for your website.
The npm package sitemap-generator receives a total of 3,928 weekly downloads. As such, sitemap-generator popularity was classified as popular.
We found that sitemap-generator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.