HTML Minifier is a popular JavaScript-based tool designed to reduce the size of HTML files through various configurable minification techniques. Version 3.5.21, released on October 25, 2018, builds upon the previous stable version 3.5.20, released on August 19, 2018. While the core functionality remains consistent—offering a highly configurable and well-tested solution for HTML minification—a key difference lies in the dependency updates. Specifically, version 3.5.21 upgrades the he dependency from version 1.1.x to 1.2.x. This update likely addresses bug fixes or enhancements within the he library, which handles HTML entity encoding and decoding. Developers should investigate the changelog for he to understand the specific changes.
The html-minifier boasts a solid set of features, including customizable options for removing comments, whitespace, and other unnecessary characters from HTML code. Developers can fine-tune the minification process to optimize file size without compromising functionality. Both versions 3.5.20 and 3.5.21 rely on dependencies like clean-css for CSS minification and uglify-js for JavaScript minification, ensuring a comprehensive approach to web page optimization. The difference of unpacked size is also significative: 95870 Bytes vs 94429 Bytes. The MIT license ensures freedom in its usage.
All the vulnerabilities related to the version 3.5.21 of the package
kangax html-minifier REDoS vulnerability
A Regular Expression Denial of Service (ReDoS) flaw was found in kangax html-minifier 4.0.0 because of the reCustomIgnore regular expression.
