Skip to main content

NodeJS

Package tarballs are available on https://cdn.sheetjs.com.

https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz is the URL for version 0.20.0

Installation

Tarballs can be directly installed using a package manager:

yarn add https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz

Watch the repo or subscribe to the RSS feed to be notified when new versions are released!

Snyk Bugs

Snyk security tooling may report errors involving "Prototype Pollution":

Prototype Pollution [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-XLSX-5457926]

As noted in the Snyk report:

The issue is resolved in version 0.19.3

Snyk is falsely reporting vulnerabilities. It is a bug in the Snyk tooling.

Until Snyk fixes the bugs, the official recommendation is to suppress the warning.

Legacy Endpoints

Older releases are technically available on the public npm registry as xlsx, but the registry is out of date. The latest version on that registry is 0.18.5

This is a known registry bug

The SheetJS CDN https://cdn.sheetjs.com/ is the authoritative source for SheetJS modules.

For existing projects, the easiest approach is to uninstall and reinstall:

yarn remove xlsx
yarn add https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz

When the xlsx library is a dependency of a dependency, the overrides field in package.json can control module resolution:

package.json
{
  "overrides": {
    "xlsx": "https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz"
  }
}

Vendoring

For general stability, "vendoring" modules is the recommended approach:

1) Download the tarball (xlsx-0.20.0.tgz) for the desired version. The current version is available at https://cdn.sheetjs.com/xlsx-0.20.0/xlsx-0.20.0.tgz

2) Create a vendor subfolder at the root of your project and move the tarball to that folder. Add it to your project repository.

3) Install the tarball using a package manager:

yarn add file:vendor/xlsx-0.20.0.tgz

The package will be installed and accessible as xlsx.

Usage

The package supports CommonJS require and ESM import module systems.

It is strongly recommended to use CommonJS in NodeJS.

CommonJS require

By default, the module supports require and it will automatically add support for streams and file system access:

var XLSX = require("xlsx");

ESM import

The module also ships with xlsx.mjs for use with import. The mjs version does not automatically load native node modules, so they must be added manually:

import * as XLSX from 'xlsx';

/* load 'fs' for readFile and writeFile support */
import * as fs from 'fs';
XLSX.set_fs(fs);

/* load 'stream' for stream support */
import { Readable } from 'stream';
XLSX.stream.set_readable(Readable);

/* load the codepage support library for extended support with older formats  */
import * as cpexcel from 'xlsx/dist/cpexcel.full.mjs';
XLSX.set_cptable(cpexcel);

NextJS

fs cannot be imported from the top level in NextJS pages. This will not work:

/* it is safe to import the library from the top level */
import { readFile, utils, set_fs } from 'xlsx';
/* it is not safe to import 'fs' from the top level ! */
import * as fs from 'fs'; // this import will fail
set_fs(fs);

fs should be loaded with a dynamic import within a lifecycle function:

index.js
/* it is safe to import the library from the top level */
import { readFile, utils, set_fs } from 'xlsx';
import { join } from 'path';
import { cwd } from 'process';

export async function getServerSideProps() {
  set_fs(await import("fs")); // dynamically import 'fs' in `getServerSideProps`
  const wb = readFile(join(cwd(), "public", "sheetjs.xlsx"));
  // ...
}

The NextJS demo includes complete examples.