Is dompurify safe to use?

dompurify has no known vulnerabilities on the latest version (3.4.1). DepScope rates its health at 67/100 (moderate risk).

What is the latest version of dompurify?

The latest version of dompurify is 3.4.1, released 2026-04-21.

Does dompurify have known vulnerabilities?

No known vulnerabilities on the latest version of dompurify.

Is dompurify deprecated?

No, dompurify is actively maintained. Latest release: 3.4.1 (2026-04-21).

What are alternatives to dompurify?

Popular alternatives to dompurify in npm include: debug, minimatch, ansi-styles, brace-expansion, strip-ansi.

What license does dompurify use?

dompurify is licensed under (MPL-2.0 OR Apache-2.0).

dompurify

npmv3.4.1

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

License (MPL-2.0 OR Apache-2.0)weak copyleft138 versions1 maintainers0 deps

git://github.com/cure53/DOMPurify

/ 100

Health

safe to use

[email protected] is safe to use (health: 67/100)

Health breakdown0 – 100

25/25

maintenance

0/20

popularity

25/25

security

15/15

maturity

2/15

community

Vulnerabilities

none known

Bundle & TypeScript

📦

Bundle Size

23.3 KBminified

8.7 KB gzipped

0 direct dependencies

ESMside effects

🌟

TypeScript

10/10typed

bundled

Quality signals

OSS Criticality

0.75critical

Download trend

stable(+4.6%)

Publish security

npm signed

Health History

Dependency Tree

License Audit

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/dompurify