
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
@mobisys/query-string
Advanced tools
Parse and stringify URL query strings
This is a fork of Sindre Sorhus' query string parser & stringifier with zero runtime dependencies.
Includes CommonJS Module (lib
), ES Module (lib-esm
) and UMD bundles (bundle
).
$ npm install @mobisys/query-string
const queryString = require('query-string');
console.log(location.search);
//=> '?foo=bar'
const parsed = queryString.parse(location.search);
console.log(parsed);
//=> {foo: 'bar'}
console.log(location.hash);
//=> '#token=bada55cafe'
const parsedHash = queryString.parse(location.hash);
console.log(parsedHash);
//=> {token: 'bada55cafe'}
parsed.foo = 'unicorn';
parsed.ilike = 'pizza';
const stringified = queryString.stringify(parsed);
//=> 'foo=unicorn&ilike=pizza'
location.search = stringified;
// note that `location.search` automatically prepends a question mark
console.log(location.search);
//=> '?foo=unicorn&ilike=pizza'
Parse a query string into an object. Leading ?
or #
are ignored, so you can pass location.search
or location.hash
directly.
The returned object is created with Object.create(null)
and thus does not have a prototype
.
Type: boolean
Default: true
Decode the keys and values. URI components are decoded with decode-uri-component
.
Type: string
Default: 'none'
Supports both index
for an indexed array representation or bracket
for a bracketed array representation.
bracket
: stands for parsing correctly arrays with bracket representation on the query string, such as:queryString.parse('foo[]=1&foo[]=2&foo[]=3', {arrayFormat: 'bracket'});
//=> foo: [1,2,3]
index
: stands for parsing taking the index into account, such as:queryString.parse('foo[0]=1&foo[1]=2&foo[3]=3', {arrayFormat: 'index'});
//=> foo: [1,2,3]
none
: is the default option and removes any bracket representation, such as:queryString.parse('foo=1&foo=2&foo=3');
//=> foo: [1,2,3]
Stringify an object into a query string, sorting the keys.
Type: boolean
Default: true
Strictly encode URI components adhering to RFC 3986. It uses encodeURIComponent if set to false.
Type: boolean
Default: true
URL encode the keys and values.
Type: string
Default: 'none'
Supports both index
for an indexed array representation or bracket
for a bracketed array representation.
bracket
: stands for parsing correctly arrays with bracket representation on the query string, such as:queryString.stringify({foo: [1,2,3]}, {arrayFormat: 'bracket'});
// => foo[]=1&foo[]=2&foo[]=3
index
: stands for parsing taking the index into account, such as:queryString.stringify({foo: [1,2,3]}, {arrayFormat: 'index'});
// => foo[0]=1&foo[1]=2&foo[3]=3
none
: is the default option and removes any bracket representation, such as:queryString.stringify({foo: [1,2,3]});
// => foo=1&foo=2&foo=3
Type: Function
boolean
Supports both Function
as a custom sorting function or false
to disable sorting.
const order = ['c', 'a', 'b'];
queryString.stringify({ a: 1, b: 2, c: 3}, {
sort: (m, n) => order.indexOf(m) >= order.indexOf(n)
});
// => 'c=3&a=1&b=2'
queryString.stringify({ b: 1, c: 2, a: 3}, {sort: false});
// => 'c=3&a=1&b=2'
If omitted, keys are sorted using Array#sort
, which means, converting them to strings and comparing strings in Unicode code point order.
Extract a query string from a URL that can be passed into .parse()
.
Extract the URL and the query string as an object.
The options
are the same as for .parse()
.
Returns an object with a url
and query
property.
queryString.parseUrl('https://foo.bar?foo=bar');
//=> {url: 'https://foo.bar', query: {foo: 'bar'}}
This module intentionally doesn't support nesting as it's not spec'd and varies between implementations, which causes a lot of edge cases.
You're much better off just converting the object to a JSON string:
queryString.stringify({
foo: 'bar',
nested: JSON.stringify({
unicorn: 'cake'
})
});
//=> 'foo=bar&nested=%7B%22unicorn%22%3A%22cake%22%7D'
However, there is support for multiple instances of the same key:
queryString.parse('likes=cake&name=bob&likes=icecream');
//=> {likes: ['cake', 'icecream'], name: 'bob'}
queryString.stringify({color: ['taupe', 'chartreuse'], id: '515'});
//=> 'color=chartreuse&color=taupe&id=515'
Sometimes you want to unset a key, or maybe just make it present without assigning a value to it. Here is how falsy values are stringified:
queryString.stringify({foo: false});
//=> 'foo=false'
queryString.stringify({foo: null});
//=> 'foo'
queryString.stringify({foo: undefined});
//=> ''
MIT © Sindre Sorhus
MIT © 2018 Sefa Ilkimen
FAQs
Parse and stringify URL query strings
The npm package @mobisys/query-string receives a total of 0 weekly downloads. As such, @mobisys/query-string popularity was classified as not popular.
We found that @mobisys/query-string demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.