Security News
Input Validation Vulnerabilities Dominate MITRE's 2024 CWE Top 25 List
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
The xml2js npm package is a library that allows users to convert XML data into a JavaScript object and vice versa. It is useful for working with XML data in a JavaScript environment, such as Node.js applications, where JSON is the more commonly used data format.
Parsing XML to JavaScript Object
This feature allows you to parse XML data and convert it into a JavaScript object. The 'parseString' method takes an XML string and a callback function that receives the parsed result.
const xml2js = require('xml2js');
const parser = new xml2js.Parser();
const xml = '<root>Hello xml2js!</root>';
parser.parseString(xml, (err, result) => {
console.log(result);
});
Converting JavaScript Object to XML
This feature enables you to take a JavaScript object and convert it into an XML string. The 'Builder' class is used to create an XML string from the provided object.
const xml2js = require('xml2js');
const builder = new xml2js.Builder();
const obj = { root: 'Hello xml2js!' };
const xml = builder.buildObject(obj);
console.log(xml);
Customizing Parser Options
xml2js allows you to customize the behavior of the parser through various options. In this example, 'explicitArray' is set to false to avoid wrapping single elements in an array, and 'trim' is set to true to trim the whitespace from the text nodes.
const xml2js = require('xml2js');
const parser = new xml2js.Parser({
explicitArray: false,
trim: true
});
const xml = '<root> Hello xml2js! </root>';
parser.parseString(xml, (err, result) => {
console.log(result);
});
fast-xml-parser is an npm package that provides similar XML parsing and building functionalities as xml2js. It is known for its speed and offers a variety of options for parsing, including the ability to validate XML. It can be a faster alternative to xml2js for large XML files or performance-critical applications.
libxmljs is a Node.js package that binds to the libxml C library. It provides XML parsing and serialization, XPath support, and schema validation. Compared to xml2js, libxmljs is a lower-level library that may offer better performance and more advanced XML processing features but with a more complex API.
xmldom is a W3C standard-compliant DOM parser and serializer for Node.js. It allows you to manipulate XML documents with a DOM API. While xml2js focuses on converting between XML and JavaScript objects, xmldom is more about providing a DOM interface for XML documents, which can be more familiar to developers with experience in web development.
Ever had the urge to parse XML? And wanted to access the data in some sane, easy way? Don't want to compile a C parser, for whatever reason? Then xml2js is what you're looking for!
Simple XML to JavaScript object converter. Uses sax-js.
Note: If you're looking for a full DOM parser, you probably want JSDom.
Simplest way to install xml2js
is to use npm, just npm install xml2js
which will download xml2js and all dependencies.
No extensive tutorials required because you are a smart developer! The task of parsing XML should be an easy one, so let's make it so! Here's some examples.
You want to parse XML as simple and easy as possible? It's dangerous to go alone, take this:
var parseString = require('xml2js').parseString;
var xml = "<root>Hello xml2js!</root>"
parseString(xml, function (err, result) {
console.dir(result);
});
Can't get easier than this, right? This works starting with xml2js
0.2.3.
With CoffeeScript it looks like this:
parseString = require('xml2js').parseString
xml = "<root>Hello xml2js!</root>"
parseString xml, (err, result) ->
console.dir result
If you need some special options, fear not, xml2js
supports a number of
options (see below), you can specify these as second argument:
parseString(xml, {trim: true}, function (err, result) {
});
That's right, if you have been using xml-simple or a home-grown wrapper, this is was added in 0.1.11 just for you:
var fs = require('fs'),
xml2js = require('xml2js');
var parser = new xml2js.Parser();
fs.readFile(__dirname + '/foo.xml', function(err, data) {
parser.parseString(data, function (err, result) {
console.dir(result);
console.log('Done');
});
});
Look ma, no event listeners!
You can also use xml2js
from
CoffeeScript, further reducing
the clutter:
fs = require 'fs',
xml2js = require 'xml2js'
parser = new xml2js.Parser()
fs.readFile __dirname + '/foo.xml', (err, data) ->
parser.parseString data, (err, result) ->
console.dir result
console.log 'Done.'
But what happens if you forget the new
keyword to create a new Parser
? In
the middle of a nightly coding session, it might get lost, after all. Worry
not, we got you covered! Starting with 0.2.8 you can also leave it out, in
which case xml2js
will helpfully add it for you, no bad surprises and
inexplicable bugs!
Alternatively you can still use the traditional addListener
variant that was
supported since forever:
var fs = require('fs'),
xml2js = require('xml2js');
var parser = new xml2js.Parser();
parser.addListener('end', function(result) {
console.dir(result);
console.log('Done.');
});
fs.readFile(__dirname + '/foo.xml', function(err, data) {
parser.parseString(data);
});
If you want to parse multiple files, you have multiple possibilites:
xml2js.Parser
per file. That's the recommended one
and is promised to always just work.reset()
on your parser object.Just wrap the result
object in a call to JSON.stringify
like this
JSON.stringify(result)
. You get a string containing the JSON representation
of the parsed object that you can feed to JSON-hungry consumers.
You might wonder why, using console.dir
or console.log
the output at some
level is only [Object]
. Don't worry, this is not because xml2js got lazy.
That's because Node uses util.inspect
to convert the object into strings and
that function stops after depth=2
which is a bit low for most XML.
To display the whole deal, you can use console.log(util.inspect(result, false, null))
, which displays the whole result.
So much for that, but what if you use
eyes for nice colored output and it
truncates the output with …
? Don't fear, there's also a solution for that,
you just need to increase the maxLength
limit by creating a custom inspector
var inspect = require('eyes').inspector({maxLength: false})
and then you can
easily inspect(result)
.
Apart from the default settings, there is a number of options that can be
specified for the parser. Options are specified by new Parser({optionName: value})
. Possible options are:
attrkey
(default: $
): Prefix that is used to access the attributes.
Version 0.1 default was @
.charkey
(default: _
): Prefix that is used to access the character
content. Version 0.1 default was #
.explicitCharkey
(default: false
)trim
(default: false
): Trim the whitespace at the beginning and end of
text nodes.normalizeTags
(default: false
): Normalize all tag names to lowercase.normalize
(default: false
): Trim whitespaces inside text nodes.explicitRoot
(default: true
): Set this if you want to get the root
node in the resulting object.emptyTag
(default: undefined
): what will the value of empty nodes be.
Default is {}
.explicitArray
(default: true
): Always put child nodes in an array if
true; otherwise an array is created only if there is more than one.ignoreAttrs
(default: false
): Ignore all XML attributes and only create
text nodes.mergeAttrs
(default: false
): Merge attributes and child elements as
properties of the parent, instead of keying attributes off a child
attribute object. This option is ignored if ignoreAttrs
is false
.validator
(default null
): You can specify a callable that validates
the resulting structure somehow, however you want. See unit tests
for an example.xmlns
(default false
): Give each element a field usually called '$ns'
(the first character is the same as attrkey) that contains its local name
and namespace URI.explicitChildren
(default false
): Put child elements to separate
property. Doesn't work with mergeAttrs = true
. If element has no children
then "children" won't be created. Added in 0.2.5.childkey
(default $$
): Prefix that is used to access child elements if
explicitChildren
is set to true
. Added in 0.2.5.charsAsChildren
(default false
): Determines whether chars should be
considered children if explicitChildren
is on. Added in 0.2.5.async
(default false
): Should the callbacks be async? This might be
an incompatible change if your code depends on sync execution of callbacks.
xml2js 0.3 might change this default, so the recommendation is to not
depend on sync execution anyway. Added in 0.2.6.strict
(default true
): Set sax-js to strict or non-strict parsing mode.
Defaults to true
which is highly recommended, since parsing HTML which
is not well-formed XML might yield just about anything. Added in 0.2.7.Version 0.2 changed the default parsing settings, but version 0.1.14 introduced the default settings for version 0.2, so these settings can be tried before the migration.
var xml2js = require('xml2js');
var parser = new xml2js.Parser(xml2js.defaults["0.2"]);
To get the 0.1 defaults in version 0.2 you can just use
xml2js.defaults["0.1"]
in the same place. This provides you with enough time
to migrate to the saner way of parsing in xml2js 0.2. We try to make the
migration as simple and gentle as possible, but some breakage cannot be
avoided.
So, what exactly did change and why? In 0.2 we changed some defaults to parse
the XML in a more universal and sane way. So we disabled normalize
and trim
so xml2js does not cut out any text content. You can reenable this at will of
course. A more important change is that we return the root tag in the resulting
JavaScript structure via the explicitRoot
setting, so you need to access the
first element. This is useful for anybody who wants to know what the root node
is and preserves more information. The last major change was to enable
explicitArray
, so everytime it is possible that one might embed more than one
sub-tag into a tag, xml2js >= 0.2 returns an array even if the array just
includes one element. This is useful when dealing with APIs that return
variable amounts of subtags.
The development requirements are handled by npm, you just need to install them.
We also have a number of unit tests, they can be run using npm test
directly
from the project root. This runs zap to discover all the tests and execute
them.
If you like to contribute, keep in mind that xml2js is written in CoffeeScript, so don't develop on the JavaScript files that are checked into the repository for convenience reasons. Also, please write some unit test to check your behaviour and if it is some user-facing thing, add some documentation to this README, so people will know it exists. Thanks in advance!
FAQs
Simple XML to JavaScript object converter.
The npm package xml2js receives a total of 18,631,826 weekly downloads. As such, xml2js popularity was classified as popular.
We found that xml2js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.