About
Community
www.hilton.com
151 packages
Last scanned on Sep 1 at 03:38 PM
Update
Name
Size
Popularity
Severity
sanitize-html
2.4.0
Vulnerable
Outdated
Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis
Script
https://www.hilton.com/dx_cpm_app/_next/static/chunks/672-a31a529aefd52c00.js
License
MIT
Footprint
7 KB
Vulnerabilities
Moderate
GHSA-rm97-x556-q36h
sanitize-html Information Exposure vulnerability
Affected versions >=0 <2.12.1
High
GHSA-cgfm-xwp7-2cvr
Sanitize-html Vulnerable To REDoS Attacks
Affected versions >=0 <2.7.1
Matched Modules
Version distribution in production
30
2.4.0
26
2.5.0
25
2.7.0
25
2.7.2
24
2.7.3
20
2.6.1
Also used on 164 websites
grammarly.com
66 packages
zappos.com
139 packages
patreon.com
108 packages
istockphoto.com
32 packages
Repository
Homepage
More
html
parser
sanitizer
sanitize
+15
tslib
1.2.0 - 2.6.2
Runtime library for TypeScript helper functions
TypeScript
Microsoft
compiler
language
javascript
+2
+5
escape-string-regexp
4.0.0
Outdated
Escape RegExp special characters
escape
regex
regexp
regular
expression
+3
sindresorhus
uuid
8.3.2
Outdated
RFC4122 (v1, v4, and v5) UUIDs
uuid
guid
rfc4122
isarray
1.0.0 - 2.0.5
Array#isArray for older browsers
browser
isarray
array
juliangruber
react-is
18.1.0
Outdated
Brand checking of React Elements.
react
+1
form-data
2.1.2 - 4.0.0
A library to create readable "multipart/form-data" streams. Can be used to submit forms and file uploads to other web applications.
+2
postcss
x.x.x
Tool for transforming styles with JS plugins
css
postcss
rework
preprocessor
parser
+4
ai
buffer
5.7.1
Outdated
Node.js Buffer API, for the browser
arraybuffer
browser
browserify
buffer
compatible
+2
feross
picocolors
0.2.0 - 1.0.0
The tiniest and the fastest library for terminal output formatting with ANSI colors
terminal
colors
formatting
cli
console
alexeyraspopov
entities
2.2.0
Outdated
Encode & decode XML and HTML entities with ease & speed
entity
decoding
encoding
html
xml
+1
feedic
@babel/runtime
7.18.2 - 7.18.3
Outdated
babel's modular runtime helpers
+1
get-intrinsic
1.1.3
Outdated
Get and robustly cache all JS language-level intrinsics at first require time
javascript
ecmascript
es
js
intrinsic
+2
ljharb
function-bind
1.1.1
Outdated
Implementation of Function.prototype.bind
function
bind
shim
es5
lodash
4.17.21
Lodash modular utilities.
modules
stdlib
util
axios
1.2.2
Outdated
Promise based HTTP client for the browser and node.js
xhr
http
ajax
promise
node
+1
cookie
0.4.1
Outdated
HTTP server cookie parsing and serialization
cookie
cookies
dougwilson
call-bind
1.0.2
Outdated
Robustly `.call.bind()` a function
javascript
ecmascript
es
js
callbind
+8
ljharb
object-inspect
1.12.2
Outdated
string representations of objects in node and the browser
inspect
util.inspect
object
stringify
pretty
has-symbols
1.0.2 - 1.0.3
Determine if the JS environment has Symbol support. Supports spec, or shams.
Symbol
symbols
typeof
sham
polyfill
+3
ljharb
ieee754
1.2.0 - 1.2.1
Read/write IEEE754 floating point numbers from/to a Buffer or array-like object
IEEE 754
buffer
convert
floating point
ieee754
feross
side-channel
1.0.4
Outdated
Store information about any JS value in a side channel. Uses WeakMap if available.
weakmap
map
side
channel
metadata
ljharb
is-plain-object
5.0.0
Returns true if an object was created by the `Object` constructor, or Object.create(null).
check
is
is-object
isobject
javascript
+7
has-property-descriptors
1.0.0
Outdated
Does the environment have full property descriptor support? Handles IE 8's broken defineProperty/gOPD.
property
descriptors
has
environment
env
+2
ljharb
domutils
2.8.0
Outdated
Utilities for working with htmlparser2's dom
dom
htmlparser2
feedic
es-abstract
1.18.7 - 1.20.4
Outdated
ECMAScript spec abstract operations.
ECMAScript
ES
abstract
operation
abstract operation
+4
ljharb
base64-js
1.5.1
Base64 encoding/decoding in pure JS
base64
define-properties
1.1.4
Outdated
Define multiple non-enumerable properties at once. Uses `Object.defineProperty` when available; falls back to standard assignment in older engines.
Object.defineProperty
Object.defineProperties
object
property descriptor
descriptor
+2
ljharb
dom-serializer
1.3.2 - 1.4.1
Outdated
render domhandler DOM nodes to a string
html
xml
render
feedic
is-callable
1.2.7
Is this JS value callable? Works with Functions and GeneratorFunctions, despite ES6 @@toStringTag.
Function
function
callable
generator
generator function
+5
ljharb
nanoid
3.3.0 - 3.3.4
Outdated
A tiny (116 bytes), secure URL-friendly unique string ID generator
uuid
random
id
url
ai
domhandler
4.3.1
Outdated
Handler for htmlparser2 that turns pages into a dom
dom
htmlparser2
feedic
has-tostringtag
1.0.0
Outdated
Determine if the JS environment has `Symbol.toStringTag` support. Supports spec, or shams.
javascript
ecmascript
symbol
symbols
tostringtag
+1
ljharb
events
3.3.0
Node's event emitter for all engines.
events
eventEmitter
eventDispatcher
listeners
which-typed-array
1.1.6 - 1.1.9
Outdated
Which kind of Typed Array is this JavaScript value? Works cross-realm, without `instanceof`, and despite Symbol.toStringTag.
array
TypedArray
typed array
which
typed
+13
ljharb
object-keys
1.1.1
An Object.keys replacement, in case Object.keys is not available. From https://github.com/es-shims/es5-shim
Object.keys
keys
ES5
shim
ljharb
regexp.prototype.flags
1.4.3
Outdated
ES6 spec-compliant RegExp.prototype.flags shim.
RegExp.prototype.flags
regex
regular expression
ES6
shim
+6
ljharb
deepmerge
4.2.2
Outdated
A library for deep (recursive) merging of Javascript objects
merge
deep
extend
copy
clone
+1
tehshrike
domelementtype
2.2.0 - 2.3.0
all the types of nodes in htmlparser2's dom
dom
element
types
htmlparser2
feedic
is-typed-array
1.1.7 - 1.1.10
Outdated
Is this value a JS Typed Array? This module works cross-realm/iframe, does not depend on `instanceof` or mutable properties, and despite ES6 Symbol.toStringTag.
array
TypedArray
typed array
is
typed
+13
is-regex
1.1.4
Is this value a JS regex? Works cross-realm/iframe, and despite ES6 @@toStringTag
regex
regexp
is
regular expression
regular
+1
ljharb
available-typed-arrays
1.0.5
Outdated
Returns an array of Typed Array names that are available in the current environment
typed
arrays
Float32Array
Float64Array
Int8Array
+8
ljharb
is-date-object
1.0.5
Is this value a JS Date object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Date
ES6
toStringTag
@@toStringTag
Date object
ljharb
is-symbol
1.0.2 - 1.0.4
Determine if a value is an ES6 Symbol or not.
symbol
es6
is
Symbol
ljharb
is-shared-array-buffer
1.0.0 - 1.0.2
Outdated
Is this value a JS SharedArrayBuffer?
javascript
ecmascript
is
sharedarraybuffer
shared
+2
ljharb
is-string
1.0.7
Is this value a JS String object or primitive? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
String
string
ES6
toStringTag
@@toStringTag
+1
ljharb
eventemitter3
3.0.0 - 4.0.7
Outdated
EventEmitter3 focuses on performance while maintaining a Node.js AND browser compatible interface.
EventEmitter
EventEmitter2
EventEmitter3
Events
addEventListener
+10
has-bigints
1.0.2
Determine if the JS environment has BigInt support.
BigInt
bigints
typeof
ES2020
ljharb
content-type
1.0.4
Outdated
Create and parse HTTP Content-Type header
content-type
http
req
res
rfc7231
dougwilson
for-each
0.3.3
A better forEach
is-number-object
1.0.6 - 1.0.7
Is this value a JS Number object? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Number
ES6
toStringTag
@@toStringTag
Number object
ljharb
is-boolean-object
1.1.2
Is this value a JS Boolean? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
Boolean
ES6
toStringTag
@@toStringTag
Boolean object
+3
ljharb
htmlparser2
6.1.0
Outdated
Fast & forgiving HTML/XML parser
html
parser
streams
xml
dom
+3
feedic
is-bigint
1.0.3 - 1.0.4
Is this value an ES BigInt?
bigint
es
integer
is
ljharb
functions-have-names
1.2.3
Does this JS environment support the `name` property on functions?
function
name
es5
names
functions
+1
ljharb
which-boxed-primitive
1.0.0 - 1.0.2
Which kind of boxed JS primitive is this?
boxed
primitive
object
ecmascript
javascript
+1
ljharb
scheduler
0.21.0 - 0.22.0
Outdated
Cooperative scheduler for the browser environment.
react
+1
has
1.0.2 - 1.0.3
Outdated
Object.prototype.hasOwnProperty.call shortcut
tarruda
emittery
0.7.1 - 0.7.2
Outdated
Simple and modern async event emitter
event
emitter
eventemitter
events
async
+20
sindresorhus
prop-types
15.8.0 - 15.8.1
Runtime type checking for React props and similar objects.
react
is-arguments
1.1.1
Is this an arguments object? It's a harder question than you think.
arguments
js
javascript
is-arguments
is
+1
ljharb
react
18.0.0 - 18.1.0
Outdated
React is a JavaScript library for building user interfaces.
react
+1
process
0.11.10
process information for node.js and browsers
process
react-dom
18.0.0 - 18.1.0
Outdated
React package for working with the DOM.
react
+2
deep-equal
2.2.0
Outdated
node's assert.deepEqual algorithm
equality
equal
compare
ljharb
date-fns
2.29.3
Outdated
Modern JavaScript date utility library
kossnocorp
object-is
1.1.4 - 1.1.5
Outdated
ES2015-compliant shim for Object.is - differentiates between -0 and +0
is
Object.is
equality
sameValueZero
ES6
+4
ljharb
is-set
2.0.1 - 2.0.2
Outdated
Is this value a JS Set? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
map
set
collection
is
robust
ljharb
is-map
2.0.1 - 2.0.2
Outdated
Is this value a JS Map? This module works cross-realm/iframe, and despite ES6 @@toStringTag.
map
set
collection
is
robust
ljharb
hoist-non-react-statics
3.3.2
Copies non-react specific statics from a child component to a parent component
react
mridgway
querystring
0.2.1
Node's querystring module for all engines.
commonjs
query
querystring
cross-fetch
3.1.0 - 3.1.4
Outdated
Universal WHATWG Fetch API for Node, Browsers and React Native
fetch
http
url
promise
async
+11
lquixada
classnames
2.3.0 - 2.3.1
Outdated
A simple utility for conditionally joining classNames together
react
css
classes
classname
classnames
+2
graphql
15.5.1 - 15.6.1
Outdated
A Query Language and Runtime which can target any service.
graphql
graphql-js
+5
es-get-iterator
1.1.1 - 1.1.2
Outdated
Get an iterator for any JS language value. Works robustly across all environments, all versions.
iterator
Symbol.iterator
iterable
collection
next
+1
ljharb
klona
2.0.5
Outdated
A tiny (240B to 501B) and fast utility to "deep clone" Objects, Arrays, Dates, RegExps, and more!
clone
copy
deep
extend
recursive
+1
lukeed
reflect-metadata
0.1.13
Outdated
Polyfill for Metadata Reflection API
decorator
metadata
javascript
reflect
rbuckton
lodash-es
4.17.21
Lodash exported as ES modules.
es6
modules
stdlib
util
use-sync-external-store
1.0.0 - 1.2.0
Outdated
Backwards compatible shim for React's useSyncExternalStore. Works with any React that supports hooks.
fbjs
0.8.16 - 0.8.18
Outdated
A collection of utility libraries used by other Facebook JS projects
+5
@xmldom/xmldom
0.7.0 - 0.7.2
Outdated
A pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module.
w3c
dom
xml
parser
javascript
+3
karfau
next
x.x.x
The React Framework
graphql-tag
2.12.2 - 2.12.5
Outdated
A JavaScript template literal tag that parses GraphQL queries
debounce
1.2.0 - 1.2.1
Outdated
Delay function calls until a set time elapses after the last invocation
debounce
debouncing
function
throttle
invoke
+6
sindresorhus
react-remove-scroll
2.5.0 - 2.5.3
Outdated
Disables scroll outside of `children` node.
scroll
kashey
resize-observer-polyfill
1.5.1
A polyfill for the Resize Observer API
ResizeObserver
resize
observer
util
client
+3
que-etc
use-callback-ref
1.3.0
Outdated
The same useRef, but with callback
react
hook
useRef
createRef
merge refs
kashey
use-sidecar
1.1.1 - 1.1.2
Sidecar code splitting utils
code spliting
react
sidecar
kashey
react-remove-scroll-bar
2.3.0 - 2.3.1
Outdated
Removes body scroll without content _shake_
scroll
kashey
i18next
21.10.0 - 22.0.7
Outdated
i18next internationalization framework
i18next
internationalization
i18n
translation
localization
+3
react-style-singleton
2.2.0 - 2.2.1
Just create a single stylesheet...
react
style
css
kashey
get-nonce
1.0.0 - 1.0.1
returns nonce
webpack
nonce
__webpack_nonce__
kashey
react-hook-form
7.29.0 - 7.45.4
Outdated
Performant, flexible and extensible forms library for React Hooks
react
hooks
form
forms
form-validation
+3
bluebill1049
markdown-to-jsx
7.1.4 - 7.1.5
Outdated
Convert markdown to JSX with ease for React and React-like projects. Super lightweight and highly configurable.
markdown
markdown converter
react
preact
jsx
+1
react-error-boundary
4.0.10 - 4.0.11
Outdated
Simple reusable React error boundary component
tabbable
4.0.0
Outdated
Returns an array of all tabbable DOM nodes within a containing node.
react-i18next
11.18.5 - 12.1.5
Outdated
Internationalization for react done right. Using the i18next i18n ecosystem.
i18next
internationalization
i18n
translation
localization
+4
date-fns-tz
1.0.10
Outdated
Time zone support for date-fns v3 with the Intl API
date-fns
timezone
time zone
date
time
+3
marnusw
@turf/helpers
6.0.0 - 6.0.1
Outdated
turf helpers module
geo
point
turf
geojson
+4
focus-lock
0.11.0 - 0.11.2
Outdated
DOM trap for a focus
focus
trap
vanilla
kashey
react-focus-lock
2.9.0 - 2.9.1
Outdated
It is a trap! (for a focus)
react
focus
lock
trap
tabbable
kashey
react-clientside-effect
1.2.5 - 1.2.6
Create components whose prop changes map to a global side effect
react
component
side
effect
kashey
@turf/invariant
6.2.0 - 6.5.0
turf invariant module
turf
invariant
expectations
+4
parse-srcset
1.0.0 - 1.0.2
A spec-conformant JavaScript parser for the HTML5 srcset attribute
albell
react-intersection-observer
9.5.0 - 9.5.2
Outdated
Monitor if a component is inside the viewport, using IntersectionObserver API
react
component
hooks
viewport
intersection
+5
thebuilder
lit-element
3.0.0
Outdated
A simple base class for creating fast, lightweight web components
+11
xstate
4.7.0 - 4.38.2
Outdated
Finite State Machines and Statecharts for the Modern Web.
statechart
state machine
finite state machine
finite automata
scxml
+2
antd
4.5.0 - 4.7.2
Outdated
An enterprise-class UI design language and React components implementation
ant
component
components
design
framework
+4
+4
universal-cookie
4.0.4
Outdated
Universal cookies for JavaScript
universal
isomophic
cookie
exon
react-query
4.0.0
Outdated
Hooks for managing, caching and syncing asynchronous and remote data in React
redux-saga
0.15.4 - 0.16.2
Outdated
Saga middleware for Redux to handle Side Effects
javascript
redux
middleware
saga
effects
+1
i18next-http-backend
1.2.3 - 1.2.8
Outdated
i18next-http-backend is a backend layer for i18next using in Node.js, in the browser and for Deno.
i18next
i18next-backend
i18next-http-backend
@reach/utils
0.16.0
Outdated
Internal, shared utilities for Reach UI.
+1
inversify
5.1.1
Outdated
A powerful and lightweight inversion of control container for JavaScript and Node.js apps powered by TypeScript.
dependency injection
dependency inversion
di
inversion of control container
ioc
+3
@chakra-ui/utils
1.0.0 - 2.0.15
Common utilities and types for Chakra UI
@reach/portal
0.16.2
Outdated
Declarative portals for React
+1
credit-card-type
9.1.0
Outdated
A library for determining credit card type
braintree
@reach/observe-rect
1.2.0
Observe the Rect of a DOM element.
+1
bezier-easing
2.1.0
BezierEasing provides Cubic Bezier Curve easing which generalizes easing functions exactly like in CSS Transitions.
cubic-bezier
bezier
easing
interpolation
animation
+2
gre
@reach/auto-id
0.16.0
Outdated
Autogenerate IDs to facilitate WAI-ARIA and server rendering.
+1
next-i18next
12.0.0 - 13.0.2
Outdated
The easiest way to translate your NextJs apps.
react
i18next
nextjs
next
translation
+3
@reach/rect
0.16.0 - 0.17.0
Outdated
Measure React elements position in the DOM
+1
@reach/descendants
0.16.1
Outdated
A descendant index solution for better accessibility support in compound components
+1
@reach/dialog
0.16.0 - 0.17.0
Outdated
Accessible React Modal Dialog.
+1
@reach/popover
0.15.2 - 0.16.2
Outdated
Render a portal positioned relative to another element.
+1
@reach/combobox
0.16.5
Outdated
Accessible React Combobox (Autocomplete).
+1
tesseract.js
2.0.0 - 4.1.2
Outdated
Pure Javascript Multilingual OCR
+1
react-scroll-parallax
3.0.0 - 3.4.2
Outdated
React hooks and components to create parallax scroll effects for banners, images or any other DOM elements.
react
scroll
effects
parallax
banner
+3
jscottsmith
@swc/helpers
x.x.x
@dx-shared/rule-engine
x.x.x
@turf/distance
x.x.x
@turf/boolean-point-in-polygon
x.x.x
matcher
x.x.x
@tanstack/query-core
x.x.x
@tanstack/react-query
x.x.x
@tanstack/react-query-devtools
x.x.x
@bloomreach/react-sdk
x.x.x
@bloomreach/spa-sdk
x.x.x
@reach/dropdown
x.x.x
@reach/menu-button
x.x.x
card-validator
x.x.x
gopd
x.x.x
is-array-buffer
x.x.x
is-weakmap
x.x.x
is-weakset
x.x.x
parallax-controller
x.x.x
@tanem/svg-injector
x.x.x
react-svg
x.x.x
ts-keycode-enum
x.x.x
which-collection
x.x.x
object-inspect|.
x.x.x
Popular search queries
webpack.js.org
url
react-scripts
react
lottie-api
react-helmet-async
+7 packages
github.com
color-convert
@headlessui/react
hoist-non-react-statics
reactstrap
lit-html
+60 packages
pinterest.com
lodash
relay-runtime
react-relay
react-use
lodash-es
+51 packages
Popular packages
react
React is a JavaScript library for building user interfaces.
+6 634 websites
core-js
Standard library
+10 238 websites
es5-ext
ECMAScript extensions and shims
+10 229 websites
@babel/runtime
babel's modular runtime helpers
+8 352 websites
lodash
Lodash modular utilities.
+4 826 websites
axios
Promise based HTTP client for the browser and node.js
+4 742 websites