https://github.com/cure53/DOMPurify

cross-site-scripting dom dompurify html javascript mathml prevent-xss-attacks sanitizer security svg xss

Score: 36.27349865835569

Last synced: about 6 hours ago
JSON representation

Repository metadata:

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Host: GitHub
URL: https://github.com/cure53/DOMPurify
Owner: cure53
License: apache-2.0
Created: 2014-02-17T21:48:14.000Z (over 12 years ago)
Default Branch: main
Last Pushed: 2026-06-17T10:06:00.000Z (3 days ago)
Last Synced: 2026-06-17T11:18:24.763Z (3 days ago)
Topics: cross-site-scripting, dom, dompurify, html, javascript, mathml, prevent-xss-attacks, sanitizer, security, svg, xss
Language: JavaScript
Homepage: https://cure53.de/purify
Size: 12.3 MB
Stars: 17,123
Watchers: 147
Forks: 852
Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: CODEOWNERS
- Security: SECURITY.md
Funding:
- Github: cure53

Owner metadata:

Name: Cure53
Login: cure53
Email: mario@cure53.de
Kind: user
Description: And there is fire where we walk.
Website: https://cure53.de
Location: Berlin
Twitter:
Company: Fine penetration tests for fine websites
Icon url: https://avatars.githubusercontent.com/u/6709482?u=4149eb5ebf4e59175c31bbc618805bce4d0535dc&v=4
Repositories: 20
Last Synced at: 2026-04-23T20:12:56.357Z
Profile URL: https://github.com/cure53

GitHub Events

Total

Commit comment event: 10
Create event: 100
Delete event: 82
Fork event: 101
Issue comment event: 386
Issues event: 130
Pull request event: 189
Pull request review comment event: 44
Pull request review event: 28
Push event: 247
Release event: 10
Watch event: 2080
Total: 3407

Last Year

Commit comment event: 7
Create event: 90
Delete event: 80
Fork event: 19
Issue comment event: 101
Issues event: 39
Pull request event: 96
Pull request review comment event: 5
Pull request review event: 15
Push event: 179
Release event: 2
Watch event: 683
Total: 1316

Committers metadata

Last synced: 2 days ago

Total Commits: 2,005
Total Committers: 134
Avg Commits per committer: 14.963
Development Distribution Score (DDS): 0.414

Commits in past year: 279
Committers in past year: 15
Avg Commits per committer in past year: 18.6
Development Distribution Score (DDS) in past year: 0.391

Name	Email	Commits
Mario Heiderich	m**o@c**e	1175
dependabot[bot]	4****]	132
tdeekens	n**d@t**e	102
mario	m**o@m**)	72
Neil Jenkins	n**l@n**m	58
ssi02014	s**4@n**m	47
Issei Horie	i**e@i**m	42
Frederic Hemberger	m**l@f**e	28
suǝʞǝǝpʇ	t**s@e**e	19
Michal Bentkowski	m**i@s**l	19
reduckted	r**d@o**m	17
Malvoz	2****z	17
Tobias Smolka	t**a@m**m	14
Joris van der Wel	j**s@j**m	14
Yehonatan Daniv	y**d@w**m	13
Rotzbua	R****a	13
filedescriptor	f**r@g**m	10
Conrad Irwin	c**n@g**m	8
NateScarlet	N**t@G**m	7
Richard Gibson	r**n@g**m	6
William Chou	w**u@g**m	6
Ahmed Elsobky	0**y@g**m	5
Drew Neil	a**l@g**m	5
Edward	1****d	5
Grant Gryczan	g**n@g**m	5
Krzysztof Kotowicz	k**o@g**m	5
mscheele7	m**e@o**m	4
Steven	s**n@c**m	4
Frank Topel	i**o@c**e	4
dhoko	d**o@c**g	4
and 104 more...

Issue and Pull Request metadata

Last synced: 3 days ago

Total issues: 278
Total pull requests: 401
Average time to close issues: 4 days
Average time to close pull requests: 1 day
Total issue authors: 244
Total pull request authors: 58
Average comments per issue: 3.95
Average comments per pull request: 0.64
Merged pull request: 300
Bot issues: 0
Bot pull requests: 75

Past year issues: 48
Past year pull requests: 136
Past year average time to close issues: 4 days
Past year average time to close pull requests: about 13 hours
Past year issue authors: 37
Past year pull request authors: 10
Past year average comments per issue: 4.31
Past year average comments per pull request: 0.18
Past year merged pull request: 102
Past year bot issues: 0
Past year bot pull requests: 43

More stats: https://issues.ecosyste.ms/repositories/lookup?url=https://github.com/cure53/DOMPurify

Top Issue Authors

kkmuffme (8)
nelstrom (5)
spaceemotion (3)
asamuzaK (3)
Aetherinox (2)
Roddy5577 (2)
Mani9398 (2)
HaluanUskoa (2)
kakao-bishop-cho (2)
sgudishettys (2)
JeremyBradshaw7 (2)
fabiospampinato (2)
joebordes (2)
lzj722 (2)
onzag (2)

Top Pull Request Authors

cure53 (185)
dependabot[bot] (75)
Rotzbua (17)
ssi02014 (16)
reduckted (12)
nelstrom (4)
asamuzaK (4)
Gigabyte5671 (4)
danishdazer (4)
icesfont (4)
hhk-png (2)
KanhaKanhaiya (2)
svdb99 (2)
HugoPoi (2)
reey (2)

Top Issue Labels

Top Pull Request Labels

dependencies (75)
javascript (58)
github_actions (17)

Package metadata

Total packages: 15
Total downloads:
- npm: 183,556,435 last-month
Total docker downloads: 2,286,374,267
Total dependent packages: 1,725 (may contain duplicates)
Total dependent repositories: 56,677 (may contain duplicates)
Total versions: 392
Total maintainers: 2
Total advisories: 26

debian-12: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://packages.debian.org/bookworm/node-dompurify
Licenses: other
Latest release: 2.4.1+dfsg+~2.4.0-2+deb12u1 (published 4 months ago)
Last Synced: 2026-03-13T21:51:32.753Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 0.142%
- Stargazers count: 0.178%
- Forks count: 0.39%

npmjs.org: dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It runs as JavaScript and works in all modern browsers, as well as in Node.js (via jsdom). DOMPurify is written by security people who have vast background in web a

Homepage: https://github.com/cure53/DOMPurify
Licenses: (MPL-2.0 OR Apache-2.0)
Latest release: 3.4.11 (published 3 days ago)
Last Synced: 2026-06-18T17:14:25.498Z (2 days ago)
Versions: 148
Dependent Packages: 1,705
Dependent Repositories: 56,633
Downloads: 183,556,408 Last month
Docker Downloads: 2,286,374,267
Rankings:
- Dependent packages count: 0.045%
- Docker downloads count: 0.057%
- Downloads: 0.059%
- Dependent repos count: 0.128%
- Average: 0.441%
- Stargazers count: 0.931%
- Forks count: 1.424%
Maintainers (1)
- cure53
Advisories:

bower.io: dompurify

A DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

Homepage: https://github.com/cure53/DOMPurify
Licenses: ["MPL-2.0", "Apache-2.0"]
Latest release: 3.3.1 (published 6 months ago)
Last Synced: 2026-03-10T19:47:04.075Z (3 months ago)
Versions: 133
Dependent Packages: 1
Dependent Repositories: 38
Rankings:
- Stargazers count: 0.612%
- Forks count: 1.468%
- Average: 2.552%
- Dependent repos count: 2.851%
- Dependent packages count: 5.277%

repo1.maven.org: org.webjars.npm:dompurify

WebJar for dompurify

Homepage: https://www.webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.npm/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 3.4.3 (published about 1 month ago)
Last Synced: 2026-06-17T08:00:42.799Z (3 days ago)
Versions: 65
Dependent Packages: 16
Dependent Repositories: 6
Rankings:
- Stargazers count: 2.674%
- Dependent packages count: 3.857%
- Average: 5.903%
- Forks count: 7.164%
- Dependent repos count: 9.917%

repo1.maven.org: org.webjars.bower:dompurify

WebJar for dompurify

Homepage: http://webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bower/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 1.0.7 (published almost 8 years ago)
Last Synced: 2026-06-17T08:00:57.593Z (3 days ago)
Versions: 4
Dependent Packages: 3
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 14.298%
- Dependent packages count: 16.904%
- Dependent repos count: 31.98%

npmjs.org: @brokenglassinmyfeet/dompurifyplusplus

DOMPurifyPlusPlus is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

Homepage: https://github.com/cure53/DOMPurify#readme
Licenses: MIT
Latest release: 3.2.0 (published over 1 year ago)
Last Synced: 2026-06-17T08:00:41.989Z (3 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Downloads: 27 Last month
Rankings:
- Stargazers count: 0.719%
- Forks count: 1.162%
- Average: 16.106%
- Dependent repos count: 25.545%
- Dependent packages count: 36.999%
Maintainers (1)
- brokenglassinmyfeet

repo1.maven.org: org.webjars.bowergithub.cure53:dompurify

WebJar for DOMPurify

Homepage: https://www.webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bowergithub.cure53/dompurify/
Licenses: MPL-2.0,Apache-2.0
Latest release: 2.3.3 (published over 4 years ago)
Last Synced: 2026-06-17T08:00:38.528Z (3 days ago)
Versions: 13
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%

repo1.maven.org: org.webjars.bower:DOMPurify

WebJar for DOMPurify

Homepage: http://webjars.org
Documentation: https://appdoc.app/artifact/org.webjars.bower/DOMPurify/
Licenses: MIT
Latest release: 0.6.2 (published about 11 years ago)
Last Synced: 2026-06-17T08:00:54.206Z (3 days ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Stargazers count: 2.311%
- Forks count: 5.998%
- Average: 22.287%
- Dependent repos count: 31.98%
- Dependent packages count: 48.86%

repo1.maven.org: org.mvnpm:dompurify

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://appdoc.app/artifact/org.mvnpm/dompurify/
Licenses: (MPL-2.0 OR Apache-2.0)
Latest release: 3.4.3 (published about 1 month ago)
Last Synced: 2026-06-17T08:00:48.621Z (3 days ago)
Versions: 20
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 31.655%
- Average: 38.455%
- Dependent packages count: 45.256%

ubuntu-24.10: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 3.0.9+dfsg+~3.0.5-1 (published 4 months ago)
Last Synced: 2026-03-10T20:29:18.802Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

debian-13: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Documentation: https://packages.debian.org/trixie/node-dompurify
Licenses:
Latest release: 3.1.7+dfsg+~3.0.5-2 (published 4 months ago)
Last Synced: 2026-03-14T07:03:12.855Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-23.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.4.1+dfsg+~2.4.0-1 (published 4 months ago)
Last Synced: 2026-03-11T22:42:56.305Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-23.10: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.4.1+dfsg+~2.4.0-1 (published 4 months ago)
Last Synced: 2026-03-14T09:19:24.029Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-22.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 2.3.3+dfsg-1 (published 4 months ago)
Last Synced: 2026-03-10T19:41:20.339Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

ubuntu-24.04: node-dompurify

Homepage: https://github.com/cure53/DOMPurify
Licenses:
Latest release: 3.0.9+dfsg+~3.0.5-1 (published 4 months ago)
Last Synced: 2026-03-10T19:41:12.104Z (3 months ago)
Versions: 1
Dependent Packages: 0
Dependent Repositories: 0
Rankings:
- Dependent repos count: 0.0%
- Dependent packages count: 0.0%
- Average: 100%

Dependencies

package-lock.json npm

758 dependencies

package.json npm

@babel/core ^7.17.8 development
@babel/preset-env ^7.16.11 development
@rollup/plugin-babel ^5.3.1 development
@rollup/plugin-commonjs ^21.0.3 development
@rollup/plugin-node-resolve ^13.1.3 development
@rollup/plugin-replace ^4.0.0 development
cross-env ^7.0.3 development
eslint-config-prettier ^8.5.0 development
eslint-plugin-prettier ^4.0.0 development
jquery ^3.6.0 development
jsdom ^19.0.0 development
karma ^6.3.17 development
karma-browserstack-launcher ^1.5.1 development
karma-chrome-launcher ^3.1.0 development
karma-firefox-launcher ^2.1.2 development
karma-qunit ^4.1.2 development
karma-rollup-preprocessor ^7.0.8 development
lodash.sample ^4.2.1 development
minimist ^1.2.6 development
npm-run-all ^4.1.5 development
pre-commit ^1.2.2 development
prettier ^2.5.1 development
qunit ^2.4.1 development
qunit-tap ^1.5.0 development
rimraf ^3.0.2 development
rollup ^2.70.1 development
rollup-plugin-includepaths ^0.2.3 development
rollup-plugin-terser ^7.0.2 development
xo ^0.48.0 development

.github/workflows/build-and-test.yml actions

GabrielBB/xvfb-action v1.6 composite
actions/checkout v3 composite
actions/setup-node v3 composite

.github/workflows/codeql-analysis.yml actions

actions/checkout v3 composite
github/codeql-action/analyze v2 composite
github/codeql-action/autobuild v2 composite
github/codeql-action/init v2 composite

typescript/esm-with-no-types/package.json npm

bower.json bower

typescript/esm-with-specific-types/package.json npm

typescript/esm/package.json npm

typescript/package.json npm

dompurify file:..

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Summary