Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
By Kush Pandya - Jun 06, 2025
🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more →
What is svgo?
The svgo npm package is a Node.js-based tool for optimizing SVG vector graphics files. SVGO stands for Scalable Vector Graphics Optimizer. It works by applying a series of transformations and optimizations to SVG files to reduce their size without affecting their visual quality. This is particularly useful for web development, where smaller file sizes can lead to faster load times and better performance.
What are svgo's main functionalities?
Minify SVG files
This feature allows you to minify SVG files by removing unnecessary data without affecting the rendering of the SVG. The code sample demonstrates how to use the optimize function to minify an SVG string.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, { path: 'path/to/svg/file.svg' });
console.log(result.data);Remove specified attributes
This feature allows you to remove specified attributes from SVG elements. The code sample shows how to use the removeAttributesBySelector plugin to remove the 'fill' attribute from all elements that have it.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, {
plugins: [
{
name: 'removeAttributesBySelector',
params: {
selector: '[fill]',
attributes: 'fill'
}
}
]
});
console.log(result.data);Prettify SVG files
This feature allows you to prettify SVG files by reformatting them with consistent indentation and spacing. The code sample demonstrates how to use the js2svg option with the pretty parameter set to true.
const { optimize } = require('svgo');
const svgString = '<svg ...> ... </svg>';
const result = optimize(svgString, {
plugins: [
'preset-default',
'sortAttrs',
{
name: 'removeAttrs',
params: { attrs: '(stroke|fill)' }
}
],
js2svg: { pretty: true }
});
console.log(result.data);Other packages similar to svgo
imagemin-svgo
imagemin-svgo is a plugin for Imagemin, which is a general image optimization framework. While svgo focuses solely on SVG files, Imagemin can handle various image formats when combined with the appropriate plugins. Imagemin-svgo brings the capabilities of svgo to the Imagemin ecosystem.
svg-sprite
svg-sprite is a package that takes a set of SVG files and combines them into a single sprite sheet. While svgo optimizes individual SVG files, svg-sprite focuses on creating an efficient way to bundle multiple SVGs for use on the web.
svg-crowbar
svg-crowbar is a tool designed to extract SVG elements from an HTML document and download them as standalone SVG files. It is different from svgo, which optimizes existing SVG files rather than extracting them from HTML.
SVGO 
SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files.
Why?
SVG files, especially those exported from vector editors, usually contain a lot of redundant information. This includes editor metadata, comments, hidden elements, default or suboptimal values, and other stuff that can be safely removed or converted without impacting rendering.
Installation
You can install SVGO globally through npm, yarn, or pnpm. Alternatively, drop the global flag (global/-g) to use it in your Node.js project.
# npm
npm install -g svgo
# yarn
yarn global add svgo
# pnpm
pnpm add -g svgo
Command-line usage
Process single files:
svgo one.svg two.svg -o one.min.svg two.min.svg
Process a directory of files recursively with -f/--folder:
svgo -f path/to/directory_with_svgs -o path/to/output_directory
Help for advanced usage:
svgo --help
Configuration
SVGO has a plugin architecture. You can read more about all plugins in Plugins | SVGO Documentation, and the default plugins in Preset Default | SVGO Documentation.
SVGO reads the configuration from svgo.config.js or the --config path/to/config.js command-line option. Some other parameters can be configured though command-line options too.
svgo.config.js
module.exports = {
multipass: false, // boolean
datauri: 'base64', // 'base64'|'enc'|'unenc'
js2svg: {
indent: 4, // number
pretty: false, // boolean
},
plugins: [
'preset-default', // built-in plugins enabled by default
'prefixIds', // enable built-in plugins by name
// enable built-in plugins with an object to configure plugins
{
name: 'prefixIds',
params: {
prefix: 'uwu',
},
},
],
};
Default preset
Instead of configuring SVGO from scratch, you can tweak the default preset to suit your needs by configuring or disabling the respective plugin.
svgo.config.js
module.exports = {
plugins: [
{
name: 'preset-default',
params: {
overrides: {
// disable a default plugin
removeViewBox: false,
// customize the params of a default plugin
inlineStyles: {
onlyMatchedOnce: false,
},
},
},
},
],
};
You can find a list of the default plugins in the order they run in Preset Default | SVGO Documentation.
Custom plugins
You can also specify custom plugins:
svgo.config.js
const importedPlugin = require('./imported-plugin');
module.exports = {
plugins: [
// plugin imported from another JavaScript file
importedPlugin,
// plugin defined inline
{
name: 'customPlugin',
params: {
paramName: 'paramValue',
},
fn: (ast, params, info) => {},
},
],
};
API usage
SVGO provides a few low level utilities.
optimize
The core of SVGO is optimize function.
const { optimize } = require('svgo');
const result = optimize(svgString, {
path: 'path-to.svg', // recommended
multipass: true, // all other config fields are available here
});
const optimizedSvgString = result.data;
loadConfig
If you write a tool on top of SVGO you may want to resolve the svgo.config.js file.
const { loadConfig } = require('svgo');
const config = await loadConfig();
You can also specify a path and customize the current working directory.
const config = await loadConfig(configFile, cwd);
Other ways to use SVGO
| Method | Reference |
|---|---|
| Web app | SVGOMG |
| Grunt task | grunt-svgmin |
| Gulp task | gulp-svgmin |
| Webpack loader | image-minimizer-webpack-plugin |
| PostCSS plugin | postcss-svgo |
| Inkscape plugin | inkscape-svgo |
| Sketch plugin | svgo-compressor |
| Rollup plugin | rollup-plugin-svgo |
| Visual Studio Code plugin | vscode-svgo |
| Atom plugin | atom-svgo |
| Sublime plugin | Sublime-svgo |
| Figma plugin | Advanced SVG Export |
| Linux app | Oh My SVG |
| Browser extension | SVG Gobbler |
| API | Vector Express |
Donors
 |  |
|---|---|
| SheetJS LLC | Fontello |
License and Copyright
This software is released under the terms of the MIT license.
Logo by André Castillo.
FAQs
Nodejs-based tool for optimizing SVG vector graphics files
The npm package svgo receives a total of 19,279,417 weekly downloads. As such, svgo popularity was classified as popular.
We found that svgo demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 4 open source maintainers collaborating on the project.
Package last updated on 09 May 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Socket Now Supports pylock.toml Files
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
By Trevor Norris - Jun 05, 2025
Security News
Research
Destructive npm Packages Disguised as Utilities Enable Remote System Wipe
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.
By Kush Pandya - Jun 05, 2025