{"id":12693,"library":"xpath.js","title":"xpath.js","description":"xpath.js is a pure JavaScript implementation of the XPath 1.0 specification, designed for use in Node.js environments. Published as version 1.1.0, this library is XML engine agnostic, meaning it requires an external DOM parser (like `xmldom`) to process XML documents. The project's GitHub repository indicates its last commit was approximately five years ago, suggesting it is no longer actively maintained. As such, it primarily supports older Node.js versions and CommonJS modules. Its key differentiator was its pure JavaScript implementation, making it suitable for environments where native XML parsing capabilities were limited, but more modern and actively maintained XPath libraries exist today.","status":"abandoned","version":"1.1.0","language":"javascript","source_language":"en","source_url":"https://github.com/yaronn/xpath.js","tags":["javascript","xpath","xml"],"install":[{"cmd":"npm install xpath.js","lang":"bash","label":"npm"},{"cmd":"yarn add xpath.js","lang":"bash","label":"yarn"},{"cmd":"pnpm add xpath.js","lang":"bash","label":"pnpm"}],"dependencies":[{"reason":"xpath.js is XML engine agnostic and requires an external DOM parser to create the document object model that it operates on. xmldom is explicitly recommended and commonly used for this purpose.","package":"xmldom","optional":false}],"imports":[{"note":"This package is an older, CommonJS-first module. While modern bundlers might transpile `import select from 'xpath.js'`, the native import syntax for named exports (`import { select } from 'xpath.js'`) is incorrect as the package exports a default function. For Node.js, `require('xpath.js')` is the direct and intended usage.","wrong":"import { select } from 'xpath.js';","symbol":"select","correct":"import select from 'xpath.js'; // Requires transpilation or CommonJS fallback\nconst select = require('xpath.js');"}],"quickstart":{"code":"const select = require('xpath.js');\nconst dom = require('xmldom').DOMParser;\n\n// Install xmldom: npm install xmldom\n\nconst xml = \"<book><title>Harry Potter</title><author>J.K. Rowling</author></book>\";\nconst doc = new dom().parseFromString(xml, 'text/xml');\n\n// Select the title node\nconst titleNodes = select(doc, \"//title\");\nconsole.log('Title node:', titleNodes[0].localName + \": \" + titleNodes[0].firstChild.data);\n\n// Get text value directly\nconst titleText = select(doc, \"//title/text()\")[0].data;\nconsole.log('Title text:', titleText);\n\n// Select an attribute value\nconst xmlWithAttr = \"<book author='J. K. Rowling'><title>Harry Potter</title></book>\";\nconst docWithAttr = new dom().parseFromString(xmlWithAttr, 'text/xml');\nconst author = select(docWithAttr, \"/book/@author\")[0].value;\nconsole.log('Author attribute:', author);","lang":"javascript","description":"This quickstart demonstrates how to parse an XML string using `xmldom` and then use `xpath.js` to select nodes, extract text content, and retrieve attribute values using XPath 1.0 expressions."},"warnings":[{"fix":"For Node.js environments, use `const select = require('xpath.js');`. If you require ESM, consider using a bundler (like Webpack or Rollup) or evaluate more modern XPath libraries that offer native ESM support.","message":"This package is an older CommonJS module (v1.1.0) and does not support native ES Modules (ESM) syntax (`import ... from '...'`) without transpilation. Directly using `import` statements in a native ESM context will result in a runtime error.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Ensure your XPath expressions conform to the XPath 1.0 specification. For more advanced querying needs, consider alternative, more actively maintained XPath 2.0/3.x libraries or parsing methods.","message":"The `xpath.js` library is based on XPath 1.0, which means it lacks many features introduced in XPath 2.0 and 3.x, such as advanced data types, sequences, user-defined functions, and JSON support.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Assess the risks of using an unmaintained library. For critical applications, consider migrating to an actively maintained XPath library. Regularly review `npm audit` for any reported vulnerabilities, though updates are unlikely.","message":"The `xpath.js` GitHub repository has not seen activity in approximately five years, indicating the package is abandoned. This means there will be no new features, bug fixes, or security updates, potentially leading to compatibility issues with newer Node.js versions or unaddressed vulnerabilities.","severity":"breaking","affected_versions":">=1.0.0"},{"fix":"Always sanitize and validate any user input that is incorporated into XPath expressions. Implement strict input filtering, use parameterized queries if available (not directly supported by this library, so manual sanitization is crucial), and restrict error messages to prevent information disclosure. Consider libraries designed to mitigate injection risks if user input is unavoidable.","message":"Using XPath to query user-supplied XML or allowing user input directly into XPath expressions without proper sanitization can lead to XPath Injection vulnerabilities. This is analogous to SQL Injection and can allow attackers to read unauthorized data or manipulate application logic.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure your environment is set up for CommonJS modules, or use a bundler (like Webpack) to transpile the code for ESM. For native Node.js ESM, this package is not directly compatible. Alternatively, change your file extension to `.cjs` if using Node.js modules.","cause":"Attempting to use `require()` in a JavaScript module (ESM) context or a browser without a CommonJS loader.","error":"ReferenceError: require is not defined"},{"fix":"Always check if the result array from `select()` is not empty and contains the expected elements before attempting to access properties like `[0].localName` or `[0].data`. For example: `const nodes = select(doc, '//nonexistent'); if (nodes.length > 0) { console.log(nodes[0].localName); }`","cause":"This error typically occurs when an XPath expression doesn't match any nodes, resulting in an empty array or `undefined` being accessed without a check.","error":"TypeError: Cannot read properties of undefined (reading 'localName')"},{"fix":"Ensure that the XML document is successfully parsed into a DOM structure using a library like `xmldom` before passing it to `xpath.js`. Verify that `new dom().parseFromString(xml, 'text/xml')` returns a valid document object.","cause":"`xpath.js` expects a DOM `Node` object (typically an `Element` or `Document`) as its first argument. This error indicates that the provided argument is not a valid Node instance, often because the XML parsing failed or an incorrect object was passed.","error":"Error: Document not an instance of Node"}],"ecosystem":"npm"}