
Security Fundamentals
Turtles, Clams, and Cyber Threat Actors: Shell Usage
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
xmlbuilder
Advanced tools
The xmlbuilder npm package is a utility that allows for the easy creation of XML documents with a simple and readable API. It provides a way to build XML documents from JavaScript objects, and it supports various customization options for attributes, namespaces, and more.
Creating an XML document
This feature allows you to create a complete XML document. You can specify attributes with '@' and text content with '#text'.
{"root":{"xmlbuilder":{"@version":"1.0","@encoding":"UTF-8","foo":{"@bar":"baz","#text":"Hello xmlbuilder!"}}}}
Customizing XML declaration
This feature allows you to customize the XML declaration by specifying the version, encoding, and standalone attributes.
{"declaration":{"@version":"1.0","@encoding":"UTF-8","@standalone":"yes"},"root":{"foo":"bar"}}
Adding attributes
This feature allows you to add attributes to an element. Attributes are prefixed with '@' and can be combined with text content.
{"root":{"ele":{"@id":"1","@name":"test","#text":"An element with attributes"}}}
Creating comments
This feature allows you to insert comments into your XML document using the '#comment' key.
{"root":{"#comment":"This is a comment","foo":"bar"}}
Building from an object
This feature allows you to build an XML document from a JavaScript object, with nested elements represented as nested objects.
{"root":{"ele":{"subele":"text","subele2":"text2"}}}
fast-xml-parser is a very fast XML to JavaScript object converter. It can also convert back from an object to XML. It provides options to validate, parse, or traverse XML. It is different from xmlbuilder in that it focuses on parsing existing XML content rather than building new XML documents.
xml2js is another popular package that can convert XML to a JavaScript object and vice versa. It is similar to xmlbuilder in that it allows for the creation of XML, but it also provides parsing capabilities, which xmlbuilder does not.
xml-js can convert XML text to a JavaScript object (JSON) and vice versa. It provides a comprehensive set of options for conversion and can handle comments, processing instructions, and CDATA. It is similar to xmlbuilder but also includes conversion from XML to JSON.
An XML builder for node.js similar to java-xmlbuilder.
xmlbuilder2
:The new release of xmlbuilder
is available at xmlbuilder2
! xmlbuilder2
has been redesigned from the ground up to be fully conforming to the modern DOM specification. It supports XML namespaces, provides built-in converters for multiple formats, collection functions, and more. Please see upgrading from xmlbuilder in the wiki.
New development will be focused towards xmlbuilder2
; xmlbuilder
will only receive critical bug fixes.
npm install xmlbuilder
var builder = require('xmlbuilder');
var xml = builder.create('root')
.ele('xmlbuilder')
.ele('repo', {'type': 'git'}, 'git://github.com/oozcitak/xmlbuilder-js.git')
.end({ pretty: true});
console.log(xml);
will result in:
<?xml version="1.0"?>
<root>
<xmlbuilder>
<repo type="git">git://github.com/oozcitak/xmlbuilder-js.git</repo>
</xmlbuilder>
</root>
It is also possible to convert objects into nodes:
var builder = require('xmlbuilder');
var obj = {
root: {
xmlbuilder: {
repo: {
'@type': 'git', // attributes start with @
'#text': 'git://github.com/oozcitak/xmlbuilder-js.git' // text node
}
}
}
};
var xml = builder.create(obj).end({ pretty: true});
console.log(xml);
If you need to do some processing:
var builder = require('xmlbuilder');
var root = builder.create('squares');
root.com('f(x) = x^2');
for(var i = 1; i <= 5; i++)
{
var item = root.ele('data');
item.att('x', i);
item.att('y', i * i);
}
var xml = root.end({ pretty: true});
console.log(xml);
This will result in:
<?xml version="1.0"?>
<squares>
<!-- f(x) = x^2 -->
<data x="1" y="1"/>
<data x="2" y="4"/>
<data x="3" y="9"/>
<data x="4" y="16"/>
<data x="5" y="25"/>
</squares>
See the wiki for details and examples for more complex examples.
[15.1.1] - 2020-04-09
noDoubleEncoding
flag kept named entities other than those specified in the spec (see #16 in xmlbuilder2
).FAQs
An XML builder for node.js
The npm package xmlbuilder receives a total of 25,837,707 weekly downloads. As such, xmlbuilder popularity was classified as popular.
We found that xmlbuilder demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security Fundamentals
The Socket Threat Research Team uncovers how threat actors weaponize shell techniques across npm, PyPI, and Go ecosystems to maintain persistence and exfiltrate data.
Security News
At VulnCon 2025, NIST scrapped its NVD consortium plans, admitted it can't keep up with CVEs, and outlined automation efforts amid a mounting backlog.
Product
We redesigned our GitHub PR comments to deliver clear, actionable security insights without adding noise to your workflow.