All projects · JavaScript

DOMPurify by cure53

JavaScript NOASSERTION SECURITY.md

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo

xsssanitizerdomsecurityjavascriptdompurifyprevent-xss-attacksmathmlhtmlsvgcross-site-scripting
Verdict 81/100 health $4.13/mo cheapest, hetzner 2/5 setup difficulty Last release 7 days ago

Self-host DOMPurify on hetzner CAX11 for $4.13/mo.

Deploy DOMPurify on hetzner → View on GitHub
Health score
81 /100
6-dim composite
Self-hosts from
$4.13 /mo
hetzner · CAX11
Difficulty
2 /5
Docker + read README
GitHub stars
17k
843 forks

About DOMPurify

From the project's README at github.com/cure53/DOMPurify. Lightly cleaned for readability; for the full source see the upstream repo.

[](https://www.npmjs.com/package/dompurify) [](https://github.com/cure53/DOMPurify/blob/main/LICENSE) [](https://www.npmjs.com/package/dompurify) [](https://github.com/cure53/DOMPurify/network/dependents)

[](https://cloudback.it) [](https://www.bestpractices.dev/projects/12162) [](https://scorecard.dev/viewer/?uri=github.com/cure53/DOMPurify) [](https://badge.socket.dev/npm/package/dompurify/latest)

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG.

It's also very simple to use and get started with. DOMPurify was started in February 2014 and, meanwh

Health score breakdown

6-dimension composite. See methodology for formula and weights.

activity
90
maturity
100
community
96
security
85
sustainability
88
adoption
37

Adoption signals

Real-world usage data, pulled from each registry. The bigger the numbers, the more battle-tested the project.

SignalValueSource
GitHub stars 17k github.com/cure53/DOMPurify
GitHub forks 843 github.com/cure53/DOMPurify
NPM downloads (last month) 162064k dompurify

Release & maintenance

Is this project actively maintained, or about to die? Check the recency of last commit and last release.

Project age12.2 yearssince Feb 2014
Last commit2 days agoMay 5, 2026
Releases shipped136last: 7 days ago
Security policySECURITY.mddeclared by maintainers
Funding links1declared by maintainers

Self-hosting cost across providers

Detected requirements: 4GB RAM, 40GB disk minimum. Cheapest plan per provider that meets the requirement.

ProviderPlanSpecsMonthly
hetzner CAX11 2c · 4GB · 40GB $4.13 USD Deploy →
vultr VC2 1c · 1GB · 25GB $5 USD Deploy →
linode Nanode 1GB 1c · 1GB · 25GB $5.12 USD Deploy →
digitalocean Basic Regular 1GB 1c · 1GB · 25GB $6 USD Deploy →

Security advisories

18 known advisories tracked via OSV.dev. Most recent: GHSA-h7mw-gpvr-xq4m.

What people say on Hacker News

Ready to self-host DOMPurify?

Spin up a hetzner CAX11 (4GB RAM, 40GB disk) for $4.13/mo and follow the project's official install docs.

Deploy on hetzner → $4.13/mo Read install docs on GitHub

Data last refreshed May 7, 2026.

Similar open-source projects

Projects in our directory that replace the same SaaS or share topics with DOMPurify.

storybook
Storybook is the industry standard workshop for building, documenting, and testing UI components in isolation
★ 89,847 $4.13/mo
three.js
JavaScript 3D Library.
★ 112,304 $4.13/mo
prettier
Prettier is an opinionated code formatter.
★ 51,842 $4.13/mo
parcel
The zero configuration build tool for the web. 📦🚀
★ 44,029 $4.13/mo
globaleaks-whistleblowing-software
GlobaLeaks is a free and open-source whistleblowing software enabling anyone to easily set up and maintain a secure repo
★ 1,476 $4.13/mo
two.js
A renderer agnostic two-dimensional drawing api for the web
★ 8,625 $4.13/mo

Frequently asked questions

Last verified . Data refreshes every 30 minutes.