Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
xmlbuilder2
Advanced tools
Changelog
Readme
An XML builder for node.js.
npm install xmlbuilder2
See: https://oozcitak.github.io/xmlbuilder2/
xmlbuilder2
is a wrapper around DOM nodes which adds chainable functions to make it easier to create and work with XML documents. For example the following XML document:
<?xml version="1.0"?>
<root att="val">
<foo>
<bar>foobar</bar>
</foo>
<baz/>
</root>
can be created with the following function chain:
const { create } = require('xmlbuilder2');
const root = create({ version: '1.0' })
.ele('root', { att: 'val' })
.ele('foo')
.ele('bar').txt('foobar').up()
.up()
.ele('baz').up()
.up();
// convert the XML tree to string
const xml = root.end({ prettyPrint: true });
console.log(xml);
The same XML document can be created by converting a JS object into XML nodes:
const { create } = require('xmlbuilder2');
const obj = {
root: {
'@att': 'val',
foo: {
bar: 'foobar'
},
baz: {}
}
};
const doc = create(obj);
const xml = doc.end({ prettyPrint: true });
console.log(xml);
xmlbuilder2
can also parse and serialize XML documents from different formats:
const { create } = require('xmlbuilder2');
const xmlStr = '<root att="val"><foo><bar>foobar</bar></foo></root>';
const doc = create(xmlStr);
// append a 'baz' element to the root node of the document
doc.root().ele('baz');
const xml = doc.end({ prettyPrint: true });
console.log(xml);
which would output the same document string at the top of this page.
Or you could return a JS object by changing the format
argument to 'object'
:
const obj = doc.end({ format: 'object' });
console.log(obj);
{
root: {
'@att': 'val',
foo: {
bar: 'foobar'
},
baz: {}
}
}
You can convert between formats in one go with the convert
function:
const { convert } = require('xmlbuilder2');
const xmlStr = '<root att="val"><foo><bar>foobar</bar></foo></root>';
const obj = convert(xmlStr, { format: "object" });
console.log(obj);
{
root: {
'@att': 'val',
foo: {
bar: 'foobar'
}
}
}
If you need to do some processing:
const { create } = require('xmlbuilder2');
const root = create().ele('squares');
root.com('f(x) = x^2');
for(let i = 1; i <= 5; i++)
{
const item = root.ele('data');
item.att('x', i);
item.att('y', i * i);
}
const xml = root.end({ prettyPrint: true });
console.log(xml);
This will result in:
<?xml version="1.0"?>
<squares>
<!-- f(x) = x^2 -->
<data x="1" y="1"/>
<data x="2" y="4"/>
<data x="3" y="9"/>
<data x="4" y="16"/>
<data x="5" y="25"/>
</squares>
You can build the minified production bundle (lib/xmlbuilder2.min.js
) after cloning the repository and issuing npx webpack
in your terminal. The bundle is also in the npm package, so you can also use a public npm CDN like jsDelivr or unpkg:
<!-- latest version from jsDelivr -->
<script src="https://cdn.jsdelivr.net/npm/xmlbuilder2/lib/xmlbuilder2.min.js"></script>
<!-- latest version from unpkg -->
<script src="https://unpkg.com/xmlbuilder2/lib/xmlbuilder2.min.js"></script>
Please consider becoming a backer or sponsor to help support development.
FAQs
An XML builder for node.js
The npm package xmlbuilder2 receives a total of 978,279 weekly downloads. As such, xmlbuilder2 popularity was classified as popular.
We found that xmlbuilder2 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.