DOMPurify, when run on a server, requires an external DOM implementation such has JSDOM. The current initialization of sanitize will always be undefined for that reason. Correct usage:

import createDOMPurify from 'dompurify'
import {JSDOM} from 'jsdom'

const {sanitize} = createDOMPurify(new JSDOM('').window)

With 0.6.6 there's a new way of sanitizing user input.
https://github.com/kitajs/html#sanitization