Utilities for determining if characters belong to character classes defined by the XML specs.
The xmlchars npm package is designed to provide utilities for working with XML characters. It offers functions to validate and handle XML character sets according to the XML specification. This package is useful for developers working with XML data, ensuring that the content they work with is compliant with XML standards.
XML 1.0 Name Character Validation
This feature allows you to check if a character or a string of characters is valid according to XML 1.0 specifications for names. This is useful for validating XML tag names and attribute names.
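// Load the per-edition module; its functions take a code point (a number), not a string.
const { isNameChar } = require('xmlchars/xml/1.0/ed5');
const isValid = isNameChar('a'.codePointAt(0));
console.log(isValid); // Outputs: true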
XML 1.1 Name Start Character Validation
This feature checks if a character can validly start an XML name in XML 1.1. It's essential for ensuring that names in XML documents adhere to the XML 1.1 specification.
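// Load the per-edition module; its functions take a code point (a number), not a string.
const { isNameStartChar } = require('xmlchars/xml/1.1/ed2');
const isValid = isNameStartChar('a'.codePointAt(0));
console.log(isValid); // Outputs: true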
xml-name-validator provides similar functionality for validating XML names. It checks whether strings are valid XML names or qualified names. Compared to xmlchars, xml-name-validator focuses more narrowly on name validation and does not address other character-related checks.
Utilities for determining whether characters belong to character classes defined by the XML specs.
It used to be that the library was contained in a single file and you could just import/require/what-have-you the xmlchars module. However, that setup did not work well for people who cared about code optimization. Importing xmlchars meant importing all of the library, and because of the way the code was generated there was no way to shake the resulting code tree.
Different modules cover different standards. At the time this documentation was last updated, we had:
xmlchars/xml/1.0/ed5, which covers XML 1.0 edition 5.
xmlchars/xml/1.0/ed4, which covers XML 1.0 edition 4.
xmlchars/xml/1.1/ed2, which covers XML 1.1 edition 2.
xmlchars/xmlns/1.0/ed3, which covers XML Namespaces 1.0 edition 3.
The "things" each module contains can be categorized as follows:
"Fragments": these are parts and pieces of regular expressions that correspond to the productions defined in the standard that the module covers. You'd use these to build regular expressions.
Regular expressions that correspond to the productions defined in the standard that the module covers.
Lists: these are arrays of characters that correspond to the productions.
Functions that test code points to verify whether they fit a production.
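How a fragment, a regular expression and a code-point function relate for one pair of productions, as an added example that is not xmlchars' own code. The ranges restate the Name productions of XML 1.0 (fifth edition), and every identifier below is an assumption made for illustration.

```javascript
// Added illustration; not xmlchars' source. Ranges restate the NameStartChar and
// NameChar productions of XML 1.0 (fifth edition). All identifiers are hypothetical.

// Fragment: the inside of a character class, meant to be embedded in a regex.
const NAME_START_CHAR =
  ":A-Z_a-z\\u00C0-\\u00D6\\u00D8-\\u00F6\\u00F8-\\u02FF\\u0370-\\u037D" +
  "\\u037F-\\u1FFF\\u200C-\\u200D\\u2070-\\u218F\\u2C00-\\u2FEF" +
  "\\u3001-\\uD7FF\\uF900-\\uFDCF\\uFDF0-\\uFFFD\\u{10000}-\\u{EFFFF}";
const NAME_CHAR = "-" + NAME_START_CHAR + ".0-9\\u00B7\\u0300-\\u036F\\u203F-\\u2040";

// Regular expression built from the fragments ("u" makes it match code points).
const NAME_RE = new RegExp(`^[${NAME_START_CHAR}][${NAME_CHAR}]*$`, "u");

// Functions over code points: the same productions as numeric ranges.
const START_RANGES = [
  [0x3A, 0x3A], [0x41, 0x5A], [0x5F, 0x5F], [0x61, 0x7A], [0xC0, 0xD6],
  [0xD8, 0xF6], [0xF8, 0x2FF], [0x370, 0x37D], [0x37F, 0x1FFF],
  [0x200C, 0x200D], [0x2070, 0x218F], [0x2C00, 0x2FEF], [0x3001, 0xD7FF],
  [0xF900, 0xFDCF], [0xFDF0, 0xFFFD], [0x10000, 0xEFFFF],
];
const EXTRA_RANGES = [
  [0x2D, 0x2E], [0x30, 0x39], [0xB7, 0xB7], [0x300, 0x36F], [0x203F, 0x2040],
];
const inRanges = (c, ranges) => ranges.some(([lo, hi]) => c >= lo && c <= hi);

function isNameStartChar(c) {
  return inRanges(c, START_RANGES);
}

function isNameChar(c) {
  return isNameStartChar(c) || inRanges(c, EXTRA_RANGES);
}

// Validate a whole name, e.g. before using untrusted input as a tag name.
function isName(s) {
  // Array.from walks the string by code point, not by UTF-16 code unit.
  const cps = Array.from(s, (ch) => ch.codePointAt(0));
  return cps.length > 0 && isNameStartChar(cps[0]) && cps.slice(1).every((c) => isNameChar(c));
}

// Constructed samples: the last two are not valid XML names.
for (const s of ["xml:lang", "a-b.c", "\u{10400}x", "1abc", "a<b"]) {
  console.log(JSON.stringify(s), isName(s), NAME_RE.test(s));
}
```

Passing charCodeAt(0) instead of codePointAt(0) hands the function a surrogate half for characters above U+FFFF, so a valid name start such as U+10400 is rejected.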
FAQs
We found that xmlchars demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.