7 Best Node.js XSS Sanitizer Libraries
dompurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
(MPL-2.0 OR Apache-2.0)
TypeScript Definitions: DefinitelyTyped
GitHub Stars: 8.4K
Weekly Downloads: 2.2M
Last Commit: 2d ago
Bundle Size (min+gzip)
Tree-Shakeable
User Rating: 5.0 / 5 (2)
Top Feedback: 3 Easy to Use, 2 Performant
xss
Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
MIT
TypeScript Definitions: Built-In
GitHub Stars: 4.4K
Weekly Downloads: 2.3M
Last Commit: 1mo ago
Bundle Size (min+gzip)
Not Tree-Shakeable
User Rating: 5.0 / 5 (2)
express-sanitizer
An express.js middleware for node-validator
MIT
TypeScript Definitions: DefinitelyTyped
GitHub Stars: 45
Weekly Downloads: 6.8K
Last Commit: 10mos ago
Bundle Size (min+gzip)
Not Tree-Shakeable
@risingstack/protect
Proactively protect your Node.js web services
MIT
TypeScript Definitions: Not Found
Deprecated
GitHub Stars: 399
Weekly Downloads: 411
Last Commit: 5yrs ago
Bundle Size (min+gzip)
Not Tree-Shakeable
xsslint
Find potential XSS vulnerabilities
MIT
TypeScript Definitions: DefinitelyTyped
GitHub Stars: 27
Weekly Downloads: 26
Last Commit: 2yrs ago
Bundle Size (min+gzip)
Not Tree-Shakeable
xss-scanner
Cross-Site Scripting (XSS) scanner. This tool helps to find possible XSS vulnerabilities. Cross platform - macOS, Linux, and Windows.
MIT
TypeScript Definitions: DefinitelyTyped
GitHub Stars: 9
Weekly Downloads: 14
Last Commit: 5yrs ago
Bundle Size (min+gzip)
Not Tree-Shakeable
express-secure-handlebars
Express with Secure Handlebars
BSD-2-Clause
TypeScript Definitions: DefinitelyTyped
Deprecated
GitHub Stars: 12
Weekly Downloads: 1
Last Commit: 3yrs ago
Bundle Size (min+gzip)
Not Tree-Shakeable
