https://github.com/cure53/DOMPurify

cross-site-scripting dom dompurify html javascript mathml prevent-xss-attacks sanitizer security svg xss

Score: 36.18637352333625

Last synced: about 15 hours ago
JSON representation

Repository metadata:

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Host: GitHub
URL: https://github.com/cure53/DOMPurify
Owner: cure53
License: other
Created: 2014-02-17T21:48:14.000Z (about 12 years ago)
Default Branch: main
Last Pushed: 2026-03-26T08:07:23.000Z (3 days ago)
Last Synced: 2026-03-27T05:38:34.021Z (2 days ago)
Topics: cross-site-scripting, dom, dompurify, html, javascript, mathml, prevent-xss-attacks, sanitizer, security, svg, xss
Language: JavaScript
Homepage: https://cure53.de/purify
Size: 10.7 MB
Stars: 16,799
Watchers: 150
Forks: 828
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: SECURITY.md
Funding:
- Github: cure53

Owner metadata:

Name: Cure53
Login: cure53
Email: mario@cure53.de
Kind: user
Description: And there is fire where we walk.
Website: https://cure53.de
Location: Berlin
Twitter:
Company: Fine penetration tests for fine websites
Icon url: https://avatars.githubusercontent.com/u/6709482?u=4149eb5ebf4e59175c31bbc618805bce4d0535dc&v=4
Repositories: 20
Last Synced at: 2026-02-23T22:51:51.351Z
Profile URL: https://github.com/cure53

GitHub Events

Total

Commit comment event: 3
Create event: 17
Delete event: 9
Fork event: 100
Issue comment event: 381
Issues event: 126
Pull request event: 134
Pull request review comment event: 44
Pull request review event: 19
Push event: 109
Release event: 9
Watch event: 2031
Total: 2982

Last Year

Commit comment event: 1
Create event: 10
Delete event: 8
Fork event: 40
Issue comment event: 173
Issues event: 68
Pull request event: 67
Pull request review comment event: 5
Pull request review event: 8
Push event: 60
Release event: 3
Watch event: 1087
Total: 1530

Committers metadata

Last synced: 4 days ago

Total Commits: 1,803
Total Committers: 128
Avg Commits per committer: 14.086
Development Distribution Score (DDS): 0.423

Commits in past year: 99
Committers in past year: 12
Avg Commits per committer in past year: 8.25
Development Distribution Score (DDS) in past year: 0.515

Name	Email	Commits
Mario Heiderich	m**o@c**e	1041
tdeekens	n**d@t**e	102
dependabot[bot]	4****]	72
mario	m**o@m**)	72
Neil Jenkins	n**l@n**m	58
ssi02014	s**4@n**m	47
Issei Horie	i**e@i**m	42
Frederic Hemberger	m**l@f**e	28
Michal Bentkowski	m**i@s**l	19
suǝʞǝǝpʇ	t**s@e**e	19
reduckted	r**d@o**m	17
Malvoz	2****z	17
Tobias Smolka	t**a@m**m	14
Joris van der Wel	j**s@j**m	14
Rotzbua	R****a	13
Yehonatan Daniv	y**d@w**m	13
filedescriptor	f**r@g**m	10
Conrad Irwin	c**n@g**m	8
NateScarlet	N**t@G**m	7
William Chou	w**u@g**m	6
Richard Gibson	r**n@g**m	6
Ahmed Elsobky	0**y@g**m	5
Edward	1****d	5
Grant Gryczan	g**n@g**m	5
Krzysztof Kotowicz	k**o@g**m	5
mscheele7	m**e@o**m	4
Drew Neil	a**l@g**m	4
Frank Topel	i**o@c**e	4
dhoko	d**o@c**g	4
Steven	s**n@c**m	4
and 98 more...

Issue and Pull Request metadata

Last synced: 4 days ago

Total issues: 267
Total pull requests: 304
Average time to close issues: 4 days
Average time to close pull requests: 2 days
Total issue authors: 235
Total pull request authors: 57
Average comments per issue: 3.96
Average comments per pull request: 0.83
Merged pull request: 227
Bot issues: 0
Bot pull requests: 44

Past year issues: 56
Past year pull requests: 70
Past year average time to close issues: 4 days
Past year average time to close pull requests: about 22 hours
Past year issue authors: 43
Past year pull request authors: 13
Past year average comments per issue: 3.82
Past year average comments per pull request: 0.51
Past year merged pull request: 47
Past year bot issues: 0
Past year bot pull requests: 12

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/cure53/DOMPurify

Top Issue Authors

kkmuffme (8)
nelstrom (4)
spaceemotion (3)
HaluanUskoa (2)
JeremyBradshaw7 (2)
Roddy5577 (2)
Mani9398 (2)
sgudishettys (2)
Aetherinox (2)
lzj722 (2)
kakao-bishop-cho (2)
fabiospampinato (2)
onzag (2)
joebordes (2)
Rotzbua (2)

Top Pull Request Authors

cure53 (122)
dependabot[bot] (44)
Rotzbua (17)
ssi02014 (16)
reduckted (12)
Gigabyte5671 (4)
icesfont (4)
asamuzaK (4)
danishdazer (4)
nelstrom (3)
CoryHrycko (2)
elrion018 (2)
kyselberg (2)
KanhaKanhaiya (2)
hhk-png (2)

Top Issue Labels

Top Pull Request Labels

dependencies (44)
javascript (36)
github_actions (8)

Package metadata

Total packages: 15
Total downloads:
- npm: 129,296,891 last-month
Total docker downloads: 2,286,374,267
Total dependent packages: 1,725 (may contain duplicates)
Total dependent repositories: 56,677 (may contain duplicates)
Total versions: 371
Total maintainers: 2
Total advisories: 10

debian-12: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://packages.debian.org/bookworm/node-dompurify
Licenses: other
Latest release: 2.4.1+dfsg+~2.4.0-2+deb12u1 (published about 1 month ago)
Last Synced: 2026-03-13T21:51:32.753Z (15 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 0.142%
- Stargazers count: 0.178%
- Forks count: 0.39%

npmjs.org: dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Homepage: https://github.com/cure53/DOMPurify
Licenses: (MPL-2.0 OR Apache-2.0)
Latest release: 3.3.3 (published 18 days ago)
Last Synced: 2026-03-26T09:08:31.368Z (3 days ago)
Versions: 136
Dependent Packages: 1,705
Dependent Repositories: 56,633
Downloads: 129,296,877 Last month
Docker Downloads: 2,286,374,267
Rankings:
- Dependent packages count: 0.045%
- Docker downloads count: 0.057%
- Downloads: 0.059%
- Dependent repos count: 0.128%
- Average: 0.441%
- Stargazers count: 0.931%
- Forks count: 1.424%
Maintainers (1)
- cure53
Advisories:

bower.io: dompurify

A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

Homepage: https://github.com/cure53/DOMPurify
Licenses: ["MPL-2.0", "Apache-2.0"]
Latest release: 3.3.1 (published 4 months ago)
Last Synced: 2026-03-10T19:47:04.075Z (19 days ago)
Versions: 133
Dependent Packages: 1
Dependent Repositories: 38
Rankings:
- Stargazers count: 0.612%
- Forks count: 1.468%
- Average: 2.552%
- Dependent repos count: 2.851%
- Dependent packages count: 5.277%

repo1.maven.org: org.webjars.npm:dompurify

WebJar for dompurify

Homepage: https://www.webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.npm/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 3.3.3 (published 17 days ago)
Last Synced: 2026-03-25T15:02:17.697Z (4 days ago)
Versions: 61
Dependent Packages: 16
Dependent Repositories: 6
Rankings:
- Stargazers count: 2.674%
- Dependent packages count: 3.857%
- Average: 5.903%
- Forks count: 7.164%
- Dependent repos count: 9.917%

repo1.maven.org: org.webjars.bower:dompurify

WebJar for dompurify

Homepage: http://webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bower/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 1.0.7 (published over 7 years ago)
Last Synced: 2026-03-25T15:03:39.978Z (4 days ago)
Versions: 4
Dependent Packages: 3
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 14.298%
- Dependent packages count: 16.904%
- Dependent repos count: 31.98%

npmjs.org: @brokenglassinmyfeet/dompurifyplusplus

DOMPurifyPlusPlus is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

Homepage: https://github.com/cure53/DOMPurify#readme
Licenses: MIT
Latest release: 3.2.0 (published over 1 year ago)
Last Synced: 2026-03-25T15:03:06.907Z (4 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 14 Last month
Rankings:
- Stargazers count: 0.719%
- Forks count: 1.162%
- Average: 16.106%
- Dependent repos count: 25.545%
- Dependent packages count: 36.999%
Maintainers (1)
- brokenglassinmyfeet

repo1.maven.org: org.webjars.bowergithub.cure53:dompurify

WebJar for DOMPurify

Homepage: https://www.webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bowergithub.cure53/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 2.3.3 (published over 4 years ago)
Last Synced: 2026-03-25T15:02:40.525Z (4 days ago)
Versions: 13
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%

repo1.maven.org: org.webjars.bower:DOMPurify

WebJar for DOMPurify

Homepage: http://webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bower/DOMPurify/
Licenses: MIT
Latest release: 0.6.2 (published almost 11 years ago)
Last Synced: 2026-03-25T15:04:21.685Z (4 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%

repo1.maven.org: org.mvnpm:dompurify

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://appdoc.app/artifact/org.mvnpm/dompurify/
Licenses: (MPL-2.0 OR Apache-2.0)
Latest release: 3.3.3 (published 18 days ago)
Last Synced: 2026-03-25T15:03:41.585Z (4 days ago)
Versions: 15
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 31.655%
- Average: 38.455%
- Dependent packages count: 45.256%

ubuntu-24.10: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 3.0.9+dfsg+~3.0.5-1 (published about 2 months ago)
Last Synced: 2026-03-10T20:29:18.802Z (18 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

debian-13: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://packages.debian.org/trixie/node-dompurify
Licenses:
Latest release: 3.1.7+dfsg+~3.0.5-2 (published about 1 month ago)
Last Synced: 2026-03-14T07:03:12.855Z (15 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-23.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.4.1+dfsg+~2.4.0-1 (published about 2 months ago)
Last Synced: 2026-03-11T22:42:56.305Z (17 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-23.10: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.4.1+dfsg+~2.4.0-1 (published about 1 month ago)
Last Synced: 2026-03-14T09:19:24.029Z (15 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-22.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.3.3+dfsg-1 (published about 2 months ago)
Last Synced: 2026-03-10T19:41:20.339Z (19 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-24.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 3.0.9+dfsg+~3.0.5-1 (published about 2 months ago)
Last Synced: 2026-03-10T19:41:12.104Z (19 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

Dependencies

package-lock.json npm

758 dependencies

package.json npm

@babel/core ^7.17.8 development
@babel/preset-env ^7.16.11 development
@rollup/plugin-babel ^5.3.1 development
@rollup/plugin-commonjs ^21.0.3 development
@rollup/plugin-node-resolve ^13.1.3 development
@rollup/plugin-replace ^4.0.0 development
cross-env ^7.0.3 development
eslint-config-prettier ^8.5.0 development
eslint-plugin-prettier ^4.0.0 development
jquery ^3.6.0 development
jsdom ^19.0.0 development
karma ^6.3.17 development
karma-browserstack-launcher ^1.5.1 development
karma-chrome-launcher ^3.1.0 development
karma-firefox-launcher ^2.1.2 development
karma-qunit ^4.1.2 development
karma-rollup-preprocessor ^7.0.8 development
lodash.sample ^4.2.1 development
minimist ^1.2.6 development
npm-run-all ^4.1.5 development
pre-commit ^1.2.2 development
prettier ^2.5.1 development
qunit ^2.4.1 development
qunit-tap ^1.5.0 development
rimraf ^3.0.2 development
rollup ^2.70.1 development
rollup-plugin-includepaths ^0.2.3 development
rollup-plugin-terser ^7.0.2 development
xo ^0.48.0 development

.github/workflows/build-and-test.yml actions

GabrielBB/xvfb-action v1.6 composite
actions/checkout v3 composite
actions/setup-node v3 composite

.github/workflows/codeql-analysis.yml actions

actions/checkout v3 composite
github/codeql-action/analyze v2 composite
github/codeql-action/autobuild v2 composite
github/codeql-action/init v2 composite

typescript/esm-with-no-types/package.json npm

bower.json bower

typescript/esm-with-specific-types/package.json npm

typescript/esm/package.json npm

typescript/package.json npm

dompurify file:..

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Summary