BLUECARBONS BLUECARBONS Open Source
v1.3.5 MIT License Zero Dependencies

Agentic RSS Parser

An enterprise-grade Node.js library for parsing RSS and Atom feeds — a drop-in rss-parser replacement with agentic analysis, deduplication, enrichment, and native MCP tooling.

Agentic RSS Parser architecture illustration

Why it exists

rss-parser hasn't received a security update since 2022, yet it remains widely used across production agent pipelines. Agentic RSS Parser is a from-scratch rebuild that keeps the API you already know while closing the supply-chain gap — zero runtime dependencies, a custom XML engine, and native LLM adapters built directly on fetch().

Migrate in one line

All existing parseURL, parseString, parseFile, customFields, headers, timeout, and callback-style usage is preserved exactly. The agentic pipeline is an optional layer on top.

// Before
import Parser from 'rss-parser';

// After — zero other changes needed
import Parser from 'agentic-rss-parser';

Core features

Quick start

npm install agentic-rss-parser
import Parser from 'agentic-rss-parser';

const parser = new Parser({ timeout: 10000 });
const feed = await parser.parseURL('https://news.ycombinator.com/rss');

for (const item of feed.items) {
  console.log(`- ${item.title} — ${item.link}`);
}

Agentic pipeline

Run the full fetch → parse → deduplicate → analyse pipeline with zero API key required, using the built-in heuristic engine:

import { runAgenticParser } from 'agentic-rss-parser';

const { results, feedErrors } = await runAgenticParser({
  feedUrls: ['https://news.ycombinator.com/rss'],
  dbPath: './data/rss-agent.db'
});

for (const { item, analysis } of results) {
  if (analysis.decision === 'relevant') {
    console.log(`[${analysis.confidence}%] ${item.title}`);
  }
}

Security posture

Safe to deploy in security-sensitive environments. The production runtime is intentionally small and auditable:

XXE / Billion Laughs

DOCTYPE and ENTITY declarations are ignored; entity expansion is never performed.

XSS mitigation

<script>, <iframe>, <object>, <embed>, <form> stripped from content snippets.

Prompt injection

Feed content is sanitised — control characters stripped, newlines collapsed — before LLM interpolation.

Response size caps

Feed responses capped at 5 MB; LLM responses capped at 1 MB.

SSRF protection

Non-HTTP(S) schemes rejected. Private ranges, loopback, and link-local addresses blocked on every request and redirect hop.

Stack safety

XML is parsed iteratively via a state machine, never recursively — immune to stack overflow attacks.

Requirements

Get involved

Agentic RSS Parser is MIT licensed and developed in the open. Star it, file an issue, or open a pull request.