Is libxmljs safe to use?

libxmljs has 3 known vulnerabilities on the latest version (1.0.11). DepScope rates its health at 24/100 (critical risk).

What is the latest version of libxmljs?

The latest version of libxmljs is 1.0.11, released 2023-10-18.

Does libxmljs have known vulnerabilities?

Yes. libxmljs has 3 known vulnerabilities. See depscope.dev/pkg/npm/libxmljs for details.

Is libxmljs deprecated?

No, libxmljs is actively maintained. Latest release: 1.0.11 (2023-10-18).

What are alternatives to libxmljs?

Popular alternatives to libxmljs in npm include: minimatch, wrap-ansi, @types/node, eslint-visitor-keys, ajv.

What license does libxmljs use?

libxmljs is licensed under MIT.

libxmljs

npmv1.0.11

libxml bindings for v8 javascript engine

License MITpermissive55 versions3 maintainers3 deps

ssh://[email protected]/libxmljs/libxmljs

/ 100

Health

do not use

libxmljs has critical vulnerabilities — do not use

Low health score (24/100)
1 high severity vulnerabilities
2 critical vulnerabilities

Health breakdown0 – 100

0/25

maintenance

0/20

popularity

0/25

security

15/15

maturity

9/15

community

Vulnerabilities

2 critical1 high

Advisories (3)

Severity	ID	Summary	Fixed in
critical	CVE-2024-34391	libxmljs vulnerable to type confusion when parsing specially crafted XML	—
high	CVE-2025-25341	libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS)	—
critical	CVE-2024-34392	libxmljs vulnerable to type confusion when parsing specially crafted XML	—

Bundle & TypeScript

🌟

TypeScript

10/10typed

bundled

Health History

Dependency Tree

License Audit

Dependencies (3)

@mapbox/node-pre-gyp bindings nan

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/npm/libxmljs