
Security News
NVD Concedes Inability to Keep Pace with Surging CVE Disclosures in 2025
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.
The lightest XML parsing library
npm install xml-utils
XML tags are represented by a simple object with an outer and inner property. The "outer" property is the text string that completely encompasses the tag, equivalent to an HTML element's "outerHTML". The "inner" property represents the sub-parts of the tag. It is similar to an HTML element's "textContent". Here's an example of a tag:
{
outer: "<MDI key="INTERLEAVE">PIXEL</MDI>",
inner: "PIXEL"
}
const getAttribute = require("xml-utils/get-attribute.js");
const xml = `<MDI key="INTERLEAVE">PIXEL</MDI>`;
const key = getAttribute(xml, "key");
// key is "INTERLEAVE"
const findTagByName = require("xml-utils/find-tag-by-name.js");
const xml = `<Metadata domain="IMAGE_STRUCTURE"><MDI key="INTERLEAVE">PIXEL</MDI></Metadata>`
const tag = findTagByName(xml, "MDI");
tag is
{
outer: "<MDI key="INTERLEAVE">PIXEL</MDI>",
inner: "PIXEL"
}
const findTagsByName = require("xml-utils/find-tags-by-name.js");
const xml = `
<Metadata>
<MDI key="SourceBandIndex">1</MDI>
<MDI key="STATISTICS_MAXIMUM">255</MDI>
<MDI key="STATISTICS_MEAN">96.372431147996</MDI>
<MDI key="STATISTICS_MINIMUM">0</MDI>
<MDI key="STATISTICS_STDDEV">50.057898474622</MDI>
</Metadata>
`;
const tags = findTagsByName(xml, "MDI");
// tags is an array of tags
const findTagByPath = require("xml-utils/find-tag-by-path.js");
const xml = `
<gmd:referenceSystemIdentifier>
<gmd:RS_Identifier>
<gmd:code>
<gco:CharacterString>4326</gco:CharacterString>
</gmd:code>
<gmd:codeSpace>
<gco:CharacterString>EPSG</gco:CharacterString>
</gmd:codeSpace>
<gmd:version>
<gco:CharacterString>6.11</gco:CharacterString>
</gmd:version>
</gmd:RS_Identifier>
</gmd:referenceSystemIdentifier>
`;
const tag = findTagByPath(xml, ["gmd:RS_Identifier", "gmd:code", "gco:CharacterString"]);
To get an array of tags that follow a path:
const findTagsByPath = require("xml-utils/find-tags-by-path.js");
const tags = findTagsByPath(xml, ["Metadata", "MDI"]);
// tags is an array of tags
// find description for 10th tag in list
const tags = findTagsByPath(iso, [
{ name: "gmd:onLine", index: 9 }, // using zero-based index
"gmd:description",
"gco:CharacterString"
]);
const removeComments = require("xml-utils/remove-comments.js");
const xml = `<list>
<!--<A/>-->
<B/>
</list>`;
removeComments(xml);
"<list>\n \n<B/><list>";
const removeTagsByName = require("xml-utils/remove-tags-by-name.js");
const xml = "<ul><li>A</li><li>B</li></ul>";
removeTagsByName(xml, "li")
"<ul></ul>"
download test files with:
npm run setup
npm run test
Post an issue at https://github.com/DanielJDufour/xml-utils/issues or email the package author at daniel.j.dufour@gmail.com
FAQs
Parse XML without Blowing Up Your Bundle Size
The npm package xml-utils receives a total of 326,703 weekly downloads. As such, xml-utils popularity was classified as popular.
We found that xml-utils demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Security experts warn that recent classification changes obscure the true scope of the NVD backlog as CVE volume hits all-time highs.
Security Fundamentals
Attackers use obfuscation to hide malware in open source packages. Learn how to spot these techniques across npm, PyPI, Maven, and more.
Security News
Join Socket for exclusive networking events, rooftop gatherings, and one-on-one meetings during BSidesSF and RSA 2025 in San Francisco.