https://github.com/cure53/DOMPurify
cross-site-scripting dom dompurify html javascript mathml prevent-xss-attacks sanitizer security svg xss
Score: 36.15274046569548
Last synced: about 5 hours ago
JSON representation
Repository metadata:
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
- Host: GitHub
- URL: https://github.com/cure53/DOMPurify
- Owner: cure53
- License: other
- Created: 2014-02-17T21:48:14.000Z (almost 12 years ago)
- Default Branch: main
- Last Pushed: 2026-01-22T10:26:38.000Z (15 days ago)
- Last Synced: 2026-01-30T01:28:29.337Z (8 days ago)
- Topics: cross-site-scripting, dom, dompurify, html, javascript, mathml, prevent-xss-attacks, sanitizer, security, svg, xss
- Language: JavaScript
- Homepage: https://cure53.de/purify
- Size: 9.9 MB
- Stars: 16,561
- Watchers: 149
- Forks: 824
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Security: SECURITY.md
-
Funding:
- Github: cure53
Owner metadata:
- Name: Cure53
- Login: cure53
- Email:
- Kind: user
- Description: And there is fire where we walk.
- Website: https://cure53.de
- Location: Berlin
- Twitter:
- Company: Fine penetration tests for fine websites
- Icon url: https://avatars.githubusercontent.com/u/6709482?u=4149eb5ebf4e59175c31bbc618805bce4d0535dc&v=4
- Repositories: 20
- Last Synced at: 2025-10-06T12:35:30.686Z
- Profile URL: https://github.com/cure53
GitHub Events
Total
- Commit comment event: 3
- Create event: 13
- Delete event: 6
- Fork event: 97
- Issue comment event: 371
- Issues event: 120
- Pull request event: 118
- Pull request review comment event: 44
- Pull request review event: 19
- Push event: 89
- Release event: 9
- Watch event: 1936
- Total: 2825
Last Year
- Commit comment event: 1
- Create event: 7
- Delete event: 5
- Fork event: 61
- Issue comment event: 214
- Issues event: 79
- Pull request event: 62
- Pull request review comment event: 5
- Pull request review event: 11
- Push event: 51
- Release event: 4
- Watch event: 1413
- Total: 1913
Committers metadata
Last synced: about 8 hours ago
Total Commits: 1,780
Total Committers: 128
Avg Commits per committer: 13.906
Development Distribution Score (DDS): 0.422
Commits in past year: 88
Committers in past year: 16
Avg Commits per committer in past year: 5.5
Development Distribution Score (DDS) in past year: 0.545
| Name | Commits | |
|---|---|---|
| Mario Heiderich | m****o@c****e | 1028 |
| tdeekens | n****d@t****e | 102 |
| mario | m****o@m****) | 72 |
| dependabot[bot] | 4****] | 63 |
| Neil Jenkins | n****l@n****m | 58 |
| ssi02014 | s****4@n****m | 47 |
| Issei Horie | i****e@i****m | 42 |
| Frederic Hemberger | m****l@f****e | 28 |
| Michal Bentkowski | m****i@s****l | 19 |
| suǝʞǝǝpʇ | t****s@e****e | 19 |
| reduckted | r****d@o****m | 17 |
| Malvoz | 2****z | 17 |
| Tobias Smolka | t****a@m****m | 14 |
| Joris van der Wel | j****s@j****m | 14 |
| Yehonatan Daniv | y****d@w****m | 13 |
| Rotzbua | R****a | 12 |
| filedescriptor | f****r@g****m | 10 |
| Conrad Irwin | c****n@g****m | 8 |
| NateScarlet | N****t@G****m | 7 |
| Richard Gibson | r****n@g****m | 6 |
| William Chou | w****u@g****m | 6 |
| Ahmed Elsobky | 0****y@g****m | 5 |
| Edward | 1****d | 5 |
| Grant Gryczan | g****n@g****m | 5 |
| Krzysztof Kotowicz | k****o@g****m | 5 |
| mscheele7 | m****e@o****m | 4 |
| Drew Neil | a****l@g****m | 4 |
| Frank Topel | i****o@c****e | 4 |
| dhoko | d****o@c****g | 4 |
| Steven | s****n@c****m | 4 |
| and 98 more... | ||
Issue and Pull Request metadata
Last synced: 12 days ago
Total issues: 261
Total pull requests: 297
Average time to close issues: 4 days
Average time to close pull requests: 2 days
Total issue authors: 229
Total pull request authors: 57
Average comments per issue: 3.9
Average comments per pull request: 0.83
Merged pull request: 221
Bot issues: 0
Bot pull requests: 40
Past year issues: 59
Past year pull requests: 74
Past year average time to close issues: 4 days
Past year average time to close pull requests: 1 day
Past year issue authors: 45
Past year pull request authors: 17
Past year average comments per issue: 3.27
Past year average comments per pull request: 0.62
Past year merged pull request: 52
Past year bot issues: 0
Past year bot pull requests: 8
Top Issue Authors
- kkmuffme (8)
- nelstrom (4)
- spaceemotion (3)
- george-thomas-hill (2)
- HaluanUskoa (2)
- sgudishettys (2)
- JeremyBradshaw7 (2)
- Roddy5577 (2)
- Mani9398 (2)
- Aetherinox (2)
- lzj722 (2)
- onzag (2)
- kakao-bishop-cho (2)
- joebordes (2)
- fabiospampinato (2)
Top Pull Request Authors
- cure53 (120)
- dependabot[bot] (40)
- Rotzbua (16)
- ssi02014 (16)
- reduckted (12)
- Gigabyte5671 (4)
- icesfont (4)
- asamuzaK (4)
- danishdazer (4)
- nelstrom (3)
- CoryHrycko (2)
- elrion018 (2)
- kyselberg (2)
- KanhaKanhaiya (2)
- hhk-png (2)
Top Issue Labels
Top Pull Request Labels
- dependencies (40)
- javascript (32)
- github_actions (8)
Package metadata
- Total packages: 9
-
Total downloads:
- npm: 82,968,088 last-month
- Total docker downloads: 2,286,374,267
- Total dependent packages: 1,725 (may contain duplicates)
- Total dependent repositories: 56,677 (may contain duplicates)
- Total versions: 358
- Total maintainers: 2
- Total advisories: 8
npmjs.org: dompurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
- Homepage: https://github.com/cure53/DOMPurify
- Licenses: (MPL-2.0 OR Apache-2.0)
- Latest release: 3.3.1 (published 2 months ago)
- Last Synced: 2026-02-04T15:51:37.698Z (2 days ago)
- Versions: 133
- Dependent Packages: 1,705
- Dependent Repositories: 56,633
- Downloads: 82,968,085 Last month
- Docker Downloads: 2,286,374,267
-
Rankings:
- Dependent packages count: 0.045%
- Docker downloads count: 0.057%
- Downloads: 0.059%
- Dependent repos count: 0.128%
- Average: 0.441%
- Stargazers count: 0.931%
- Forks count: 1.424%
- Maintainers (1)
-
Advisories:
- DOMPurify allows Cross-site Scripting (XSS)
- DOMPurify vulnerable to tampering by prototype polution
- DOMpurify has a nesting-based mXSS
- DOMPurify allows tampering by prototype pollution
- DOMPurify Open Redirect vulnerability
- Cross-site Scripting in dompurify
- Cross-Site Scripting in dompurify
- Cross-Site Scripting in dompurify
bower.io: dompurify
A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG
- Homepage: https://github.com/cure53/DOMPurify
- Licenses: ["MPL-2.0", "Apache-2.0"]
- Latest release: 3.3.1 (published 2 months ago)
- Last Synced: 2026-02-04T04:10:34.624Z (3 days ago)
- Versions: 133
- Dependent Packages: 1
- Dependent Repositories: 38
-
Rankings:
- Stargazers count: 0.612%
- Forks count: 1.468%
- Average: 2.552%
- Dependent repos count: 2.851%
- Dependent packages count: 5.277%
repo1.maven.org: org.webjars.npm:dompurify
WebJar for dompurify
- Homepage: https://www.webjars.org
- Documentation: https://appdoc.app/artifact/org.webjars.npm/dompurify/
- Licenses: MPL-2.0,Apache-2.0
- Latest release: 3.3.1 (published about 2 months ago)
- Last Synced: 2026-02-04T04:12:34.948Z (3 days ago)
- Versions: 59
- Dependent Packages: 16
- Dependent Repositories: 6
-
Rankings:
- Stargazers count: 2.674%
- Dependent packages count: 3.857%
- Average: 5.903%
- Forks count: 7.164%
- Dependent repos count: 9.917%
repo1.maven.org: org.webjars.bower:dompurify
WebJar for dompurify
- Homepage: http://webjars.org
- Documentation: https://appdoc.app/artifact/org.webjars.bower/dompurify/
- Licenses: MPL-2.0,Apache-2.0
- Latest release: 1.0.7 (published over 7 years ago)
- Last Synced: 2026-02-04T04:11:54.548Z (3 days ago)
- Versions: 4
- Dependent Packages: 3
- Dependent Repositories: 0
-
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 14.298%
- Dependent packages count: 16.904%
- Dependent repos count: 31.98%
npmjs.org: @brokenglassinmyfeet/dompurifyplusplus
DOMPurifyPlusPlus is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.
- Homepage: https://github.com/cure53/DOMPurify#readme
- Licenses: MIT
- Latest release: 3.2.0 (published about 1 year ago)
- Last Synced: 2026-02-04T04:10:09.971Z (3 days ago)
- Versions: 1
- Dependent Packages: 0
- Dependent Repositories: 0
- Downloads: 3 Last month
-
Rankings:
- Stargazers count: 0.719%
- Forks count: 1.162%
- Average: 16.106%
- Dependent repos count: 25.545%
- Dependent packages count: 36.999%
- Maintainers (1)
repo1.maven.org: org.webjars.bowergithub.cure53:dompurify
WebJar for DOMPurify
- Homepage: https://www.webjars.org
- Documentation: https://appdoc.app/artifact/org.webjars.bowergithub.cure53/dompurify/
- Licenses: MPL-2.0,Apache-2.0
- Latest release: 2.3.3 (published over 4 years ago)
- Last Synced: 2026-02-04T04:10:53.850Z (3 days ago)
- Versions: 13
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%
repo1.maven.org: org.webjars.bower:DOMPurify
WebJar for DOMPurify
- Homepage: http://webjars.org
- Documentation: https://appdoc.app/artifact/org.webjars.bower/DOMPurify/
- Licenses: MIT
- Latest release: 0.6.2 (published almost 11 years ago)
- Last Synced: 2026-02-04T04:10:59.502Z (3 days ago)
- Versions: 1
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%
repo1.maven.org: org.mvnpm:dompurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
- Homepage: https://github.com/cure53/DOMPurify
- Documentation: https://appdoc.app/artifact/org.mvnpm/dompurify/
- Licenses: (MPL-2.0 OR Apache-2.0)
- Latest release: 3.3.1 (published 2 months ago)
- Last Synced: 2026-02-04T04:11:27.629Z (3 days ago)
- Versions: 13
- Dependent Packages: 0
- Dependent Repositories: 0
-
Rankings:
- Dependent repos count: 31.655%
- Average: 38.455%
- Dependent packages count: 45.256%
Dependencies
- 758 dependencies
- @babel/core ^7.17.8 development
- @babel/preset-env ^7.16.11 development
- @rollup/plugin-babel ^5.3.1 development
- @rollup/plugin-commonjs ^21.0.3 development
- @rollup/plugin-node-resolve ^13.1.3 development
- @rollup/plugin-replace ^4.0.0 development
- cross-env ^7.0.3 development
- eslint-config-prettier ^8.5.0 development
- eslint-plugin-prettier ^4.0.0 development
- jquery ^3.6.0 development
- jsdom ^19.0.0 development
- karma ^6.3.17 development
- karma-browserstack-launcher ^1.5.1 development
- karma-chrome-launcher ^3.1.0 development
- karma-firefox-launcher ^2.1.2 development
- karma-qunit ^4.1.2 development
- karma-rollup-preprocessor ^7.0.8 development
- lodash.sample ^4.2.1 development
- minimist ^1.2.6 development
- npm-run-all ^4.1.5 development
- pre-commit ^1.2.2 development
- prettier ^2.5.1 development
- qunit ^2.4.1 development
- qunit-tap ^1.5.0 development
- rimraf ^3.0.2 development
- rollup ^2.70.1 development
- rollup-plugin-includepaths ^0.2.3 development
- rollup-plugin-terser ^7.0.2 development
- xo ^0.48.0 development
- GabrielBB/xvfb-action v1.6 composite
- actions/checkout v3 composite
- actions/setup-node v3 composite
- actions/checkout v3 composite
- github/codeql-action/analyze v2 composite
- github/codeql-action/autobuild v2 composite
- github/codeql-action/init v2 composite