Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
xss-mini - npm Package Compare versions
Comparing version 1.0.0 to 1.0.1
| { | ||
| "name": "xss-mini", | ||
| "version": "1.0.0", | ||
| "version": "1.0.1", | ||
| "description": "A lightweight library for sanitizing HTML input to prevent XSS attacks.", | ||
| "main": "dist/sanitizeHtml.js", | ||
| "main": "dist/sanitizeHtml.min.js", | ||
| "types": "dist/sanitizeHtml.d.ts", | ||
| "scripts": { | ||
| "build": "tsc", | ||
| "build": "tsc && terser dist/sanitizeHtml.js --compress --mangle --output dist/sanitizeHtml.min.js", | ||
| "test": "jest" | ||
@@ -23,2 +23,3 @@ }, | ||
| "jest-environment-jsdom": "^29.7.0", | ||
| "terser": "^5.31.1", | ||
| "ts-jest": "^29.1.5", | ||
@@ -25,0 +26,0 @@ "ts-node": "^10.9.2", |
@@ -17,21 +17,4 @@ # xss-mini | ||
| Or with yarn | ||
| ```bash | ||
| yarn add xss-mini | ||
| ``` | ||
| ## Usage | ||
| ### In TypeScript | ||
| ```typescript | ||
| import xss from 'xss-mini'; | ||
| const userInput: string = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>'; | ||
| const safeHtml: string = xss(userInput); | ||
| console.log(safeHtml); // Outputs: <h1>Title</h1> <b>Hello</b> <a href="http://example.com">link</a> | ||
| ``` | ||
| ### In JavaScript | ||
@@ -61,4 +44,4 @@ | ||
| const userInput: string = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>'; | ||
| const safeHtml: string = xss(userInput, customAllowedTags, customAllowedAttributes); | ||
| const userInput = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>'; | ||
| const safeHtml = xss(userInput, customAllowedTags, customAllowedAttributes); | ||
@@ -65,0 +48,0 @@ console.log(safeHtml); // Outputs: <h1>Title</h1> <b>Hello</b> <a href="http://example.com">link</a> |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Empty package
Supply chain riskPackage does not contain any code. It may be removed, is name squatting, or the result of a faulty package publish.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-62.51%
3348
- Dev dependency count
- increased by16.67%
7
- Number of package files
- decreased by-72.73%
3
- Lines of code
- decreased by-100%
0
- Number of lines in readme file
- decreased by-24.64%
52
- Number of medium supply chain risk alerts
- increased byInfinity%
1
No dependency changes