Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@swimlane/docker-reference

Package Overview
Dependencies
Maintainers
43
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@swimlane/docker-reference

A node.js package to parse docker image reference

latest
Source
npmnpm
Version
2.0.1
Version published
Maintainers
43
Created
Source

Docker-Reference

A small package to parse and work with docker images references.

Getting started

To use docker-reference you should start with creating a Reference instance:

const { Reference } = require('@swimlane/docker-reference');

const imageReference = new Reference({
    domain: 'r.cfcr.io',
    repository: 'codefresh/demochat',
    tag: 'master',
    digest: 'sha256:58fe87ff24d5a3ac35c887dcef82eb619565987c1083282f876c7c2657a5f94e'
});

console.log(imageReference.repositoryUrl); // r.cfcr.io/codefresh/demochat
console.log(imageReference.toString()); // r.cfcr.io/codefresh/demochat:master@sha256:58fe87ff24d5a3ac35c887dcef82eb619565987c1083282f876c7c2657a5f94e

Using parsers

You can also use parser to create your Reference instance:

const { parseQualifiedName } = require('@swimlane/docker-reference');

const imageReference = parseQualifiedName('r.cfcr.io/codefresh/demochat:master@sha256:58fe87ff24d5a3ac35c887dcef82eb619565987c1083282f876c7c2657a5f94e');

console.log(imageReference.domain);     // r.cfcr.io
console.log(imageReference.repository); // codefresh/demochat
console.log(imageReference.tag);        // master
console.log(imageReference.digest);     // sha256:58fe87ff24d5a3ac35c887dcef82eb619565987c1083282f876c7c2657a5f94e

There are 3 parsers in the package:

  • parseQualifiedName:

    This should be use when parsing a string representing a qualified image reference, meaning the string should contain at least the domain and the repository of the image.

  • parseFamiliarName:

    This should be use when parsing a string representing a familiar image reference, meaning the string might not contains the domain part and this case the domain part would become docker.io. Also when the domain is missing and the repository contains only one part the repository would be prefixed with library/.

    This parser would parse all qualified image reference the same as parseQualifiedName parser

  • parseAll:

    This should be use when parsing a string representing a familiar image reference or identifier.

    This parser would parse all qualified image reference the same as parseQualifiedName parser and parse every familiar image reference the same as parseFamiliarName

Grammer for the package

pattaren
referencename [ ":" tag ] [ "@" digest ]
name[domain '/'] path-component ['/' path-component]*
domaindomain-component ['.' domain-component]* [':' port-number]
domain-component`/([a-zA-Z0-9]
port-number/[0-9]+/
path-componentalpha-numeric [separator alpha-numeric]*
alpha-numeric/[a-z0-9]+/
separator`/[_.]
tag/[\w][\w.-]{0,127}/
digestdigest-algorithm ":" digest-hex
digest-algorithmdigest-algorithm-component [ digest-algorithm-separator digest-algorithm-component ]*
digest-algorithm-separator/[+.-_]/
digest-algorithm-component/[A-Za-z][A-Za-z0-9]*/
digest-hex/[0-9a-fA-F]{32,}/ (At least 128 bit digest value)
identifier/[a-f0-9]{64}/
short-identifier/[a-f0-9]{6,64}/

FAQs

Package last updated on 18 May 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique

Research

Malicious fezbox npm Package Steals Browser Passwords from Cookies via Innovative QR Code Steganographic Technique

A malicious package uses a QR code as steganography in an innovative technique.

By Olivia Brown  -  Sep 22, 2025