# Install xss with npm

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist. Version 1.0.15 via npm; verified 2024-03-03.

## Install

```sh
sudo av install npm:xss
```

Additional install commands:

### Portable and language managers

- npm (100%):

```sh
npm install -g xss
```

  Evidence: local npm package metadata

## Package facts

- **Package key:** npm:xss
- **Package manager:** npm
- **Package manager page:** <https://www.npmjs.com/package/xss>
- **Version:** 1.0.15
- **Source summary:** Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
- **Homepage:** <https://github.com/leizongmin/js-xss>
- **Repository:** <https://github.com/leizongmin/js-xss>
- **Upstream docs:** <https://github.com/leizongmin/js-xss>
- **License:** MIT
- **Source archive:** <https://registry.npmjs.org/xss/-/xss-1.0.15.tgz>
- **Issue tracker:** <https://github.com/leizongmin/js-xss/issues>
- **Published:** 2024-03-03T02:33:54.727Z
- **Last updated:** 2024-03-03T02:33:54.727Z
- **Generated:** 2026-07-10T07:20:53+00:00

## Executables

- xss (cli)
- xss (alias)

## Dependencies

- commander
- cssfilter

## Build dependencies

- browserify
- coveralls
- debug
- eslint
- mocha
- nyc
- uglify-js

## Install behavior

- Post-install hook: not defined
- Lifecycle scripts: prepublish
- Bottle: not available

## Freshness

- Page generated: 2026-07-10
- Package-manager version: 1.0.15
- Package-manager updated: 2024-03-03
- Local data: ok
- Upstream repository: https://github.com/leizongmin/js-xss
- warning: The package-manager record has not been updated in over a year.
- info: No cached GitHub release or tag data was available.

## Security Notes

No matching local secret-handling manifest was found for xss. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** npm registry
- **Dist Tags:** Latest: 1.0.15
- **Version Count:** 71
- **Maintainers:** leizongmin
- **Author:** Zongmin Lei
- **Publisher:** leizongmin
- **Engines:** Node: >= 0.10.0
- **Integrity:** sha512-FVdlVVC67WOIPvfOwhoMETV72f6GbW7aOabBC3WxN/oUdoEMDyLz4OgRv5/gck2ZeNqEQu+Tb0kloovXOfpYVg==
- **Shasum:** 96a0e13886f0661063028b410ed1b18670f4e59a
- **Unpacked Size:** 145,290
- **File Count:** 0
- **Created At:** 2012-09-19T12:13:55.901Z
- **Latest Published At:** 2024-03-03T02:33:54.727Z
- **Modified At:** 2026-02-11T21:44:15.464Z


## Related links

- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched curated package taxonomy and local package facts.
- [npm-audit-html](https://www.automicvault.com/pkg/npm/npm-audit-html/) - Both packages work with overlapping file formats or content types. Shared terms: cli, commander, html, security.
- [snyk-to-html](https://www.automicvault.com/pkg/npm/snyk-to-html/) - Both packages work with overlapping file formats or content types. Shared terms: cli, commander, html, security.
- [uuid-apikey](https://www.automicvault.com/pkg/npm/uuid-apikey/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, commander, security, validator.

## Sources

- Nucleus package database
- package-page enrichment
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
