hosted-git-info
Provides metadata and conversions from repository urls for GitHub, Bitbucket and GitLab
The hosted-git-info npm package is a utility for working with Git repository metadata. It allows you to parse and transform various Git repository URLs into a normalized format, extract specific parts of the URL, and generate URLs for different purposes such as cloning or browsing the repository.
Parsing Git URLs
This feature allows you to parse a Git URL and extract components such as domain, type, user, and project.
const hostedGitInfo = require('hosted-git-info');
const info = hostedGitInfo.fromUrl('https://github.com/npm/hosted-git-info.git');
console.log(info.domain); // 'github.com'
console.log(info.type); // 'github'
console.log(info.user); // 'npm'
console.log(info.project); // 'hosted-git-info'
Generating URLs
This feature enables you to generate various URLs for browsing, cloning, or as HTTPS URLs from a parsed Git repository object.
const hostedGitInfo = require('hosted-git-info');
const info = hostedGitInfo.fromUrl('git+https://github.com/npm/hosted-git-info.git');
console.log(info.browse()); // 'https://github.com/npm/hosted-git-info'
console.log(info.https()); // 'https://github.com/npm/hosted-git-info.git'
Shortcut URLs
This feature allows you to generate shortcut URLs for quick access to the repository on supported Git hosts.
const hostedGitInfo = require('hosted-git-info');
const info = hostedGitInfo.fromUrl('github:npm/hosted-git-info');
console.log(info.shortcut()); // 'github:npm/hosted-git-info'
console.log(info.https()); // 'https://github.com/npm/hosted-git-info.git'
parse-github-url provides similar functionality to hosted-git-info by parsing GitHub URLs and extracting information such as repository name, owner, and branch. However, it is specifically tailored to GitHub and does not support other Git hosting services.
git-url-parse is another package that parses Git URLs and returns an object with the parsed data. It supports a wider range of Git services compared to parse-github-url, making it more similar to hosted-git-info in terms of service coverage.
normalize-git-url normalizes Git URLs to ensure consistency. It is less feature-rich compared to hosted-git-info, focusing mainly on URL normalization rather than providing additional URL generation features.
This will let you identify and transform various git host URLs between protocols. It can also tell you the URL of the raw path for a particular file, for direct access without git.
const hostedGitInfo = require("hosted-git-info")
const opts = {} // optional options object
const info = hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git", opts)
/* info looks like:
{
type: "github",
domain: "github.com",
user: "npm",
project: "hosted-git-info"
}
*/
If the URL can't be matched with a git host, null will be returned. We can match git, ssh and https urls. Additionally, we can match ssh connect strings (git@github.com:npm/hosted-git-info) and shortcuts (eg, github:npm/hosted-git-info). GitHub specifically, is detected in the case of a third, unprefixed, form: npm/hosted-git-info.
If it does match, the returned object has properties of:
The major version will be bumped any time…
Implications:
.https() to be a part of the contract. The contract is that it will return a string that can be used to fetch the repo via HTTPS. But what that string looks like, specifically, can change.
git+ won't be prefixed on URLs.
All of the methods take the same options as the fromUrl factory. Options provided to a method override those provided to the constructor.
Given the path of a file relative to the repository, returns a URL for directly fetching it from the githost. If no committish was set then HEAD will be used as the default.
For example hostedGitInfo.fromUrl("git@github.com:npm/hosted-git-info.git#v1.0.0").file("package.json") would return https://raw.githubusercontent.com/npm/hosted-git-info/v1.0.0/package.json
eg, github:npm/hosted-git-info
eg, https://github.com/npm/hosted-git-info/tree/v1.2.0, https://github.com/npm/hosted-git-info/tree/v1.2.0/package.json, https://github.com/npm/hosted-git-info/tree/v1.2.0/README.md#supported-hosts
eg, https://github.com/npm/hosted-git-info/issues
eg, https://github.com/npm/hosted-git-info/tree/v1.2.0#readme
eg, git+https://github.com/npm/hosted-git-info.git
eg, git+ssh://git@github.com/npm/hosted-git-info.git
eg, git@github.com:npm/hosted-git-info.git
eg, npm/hosted-git-info
eg, https://github.com/npm/hosted-git-info/archive/v1.2.0.tar.gz
Returns the default output type. The default output type is based on the string you passed in to be parsed.
Uses the getDefaultRepresentation to call one of the other methods to get a URL for this resource. As such hostedGitInfo.fromUrl(url).toString() will give you a normalized version of the URL that still uses the same protocol.
Shortcuts will still be returned as shortcuts, but the special case github form of org/project will be normalized to github:org/project.
SSH connect strings will be normalized into git+ssh URLs.
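The specifier forms and normalization rules described above matter when reviewing git dependencies in a manifest. The following is an added example, not code from hosted-git-info: a simplified, GitHub-only classifier that flags git dependencies with an unexpected owner or a ref that can move. The names parseSpec, normalize, auditDependencies and SAMPLE_DEPS, the owner allowlist, and the 40-character SHA check are assumptions made for illustration.

```javascript
// Added example, not hosted-git-info's own code (GitHub-only, simplified).
// TAIL captures user, project and an optional #committish.
const TAIL = '([\\w-]+)/([\\w.-]+?)(?:\\.git)?(?:#(.+))?$';
const FORMS = [
  ['https', new RegExp('^(?:git\\+)?https://github\\.com/' + TAIL)],
  ['sshurl', new RegExp('^(?:git\\+)?ssh://git@github\\.com/' + TAIL)],
  ['sshurl', new RegExp('^git@github\\.com:' + TAIL)], // ssh connect string
  ['shortcut', new RegExp('^github:' + TAIL)],
  ['shortcut', new RegExp('^' + TAIL)], // unprefixed user/project
];

// Returns null when the string is not a recognised git specifier.
function parseSpec(spec) {
  for (const [form, re] of FORMS) {
    const m = re.exec(spec);
    if (m) return { form, user: m[1], project: m[2], committish: m[3] || null };
  }
  return null;
}

// Normalise as the page describes: same protocol family, bare form -> github:.
function normalize(info) {
  const hash = info.committish ? '#' + info.committish : '';
  const path = `${info.user}/${info.project}`;
  if (info.form === 'shortcut') return `github:${path}${hash}`;
  if (info.form === 'sshurl') return `git+ssh://git@github.com/${path}.git${hash}`;
  return `git+https://github.com/${path}.git${hash}`;
}

const FULL_SHA = /^[0-9a-f]{40}$/; // assumption: SHA-1 object names
// Flags git dependencies whose owner is unexpected or whose ref can move.
function auditDependencies(deps, allowedOwners) {
  const findings = [];
  for (const [name, spec] of Object.entries(deps)) {
    const info = parseSpec(spec);
    if (!info) continue; // registry version range or other non-git value
    const issues = [];
    if (!allowedOwners.includes(info.user)) issues.push('owner not allowlisted');
    if (!info.committish) issues.push('no committish');
    else if (!FULL_SHA.test(info.committish)) issues.push('ref is not a full commit SHA');
    if (issues.length) findings.push({ name, normalized: normalize(info), issues });
  }
  return findings;
}
// Constructed sample: the "dependencies" map of a hypothetical package.json.
const SAMPLE_DEPS = {
  tagged: 'git@github.com:npm/hosted-git-info.git#v1.0.0',
  pinned: 'github:npm/hosted-git-info#' + 'a'.repeat(40),
  floating: 'example-org/example-tool',
  registry: '^7.6.0',
};
console.log(JSON.stringify(auditDependencies(SAMPLE_DEPS, ['npm']), null, 2));
```

In a real pipeline the parsing step would be done with hostedGitInfo.fromUrl, which also covers the other supported hosts; only the policy checks are specific to this sketch.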
Currently this supports GitHub (including Gists), Bitbucket, GitLab and Sourcehut. Pull requests for additional hosts welcome.
FAQs
We found that hosted-git-info demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.