Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
http-link-header
Advanced tools
The http-link-header npm package is used to parse and construct HTTP Link headers. It provides a convenient way to handle the Link header, which is used in HTTP responses to provide metadata about the requested resource, such as pagination links, relationships, and more.
Parsing Link Headers
This feature allows you to parse a Link header string into an object. The parsed object contains references (refs) that you can easily access and manipulate.
const LinkHeader = require('http-link-header');
const linkHeader = LinkHeader.parse('<https://api.example.com/users?page=2>; rel="next", <https://api.example.com/users?page=5>; rel="last"');
console.log(linkHeader.refs);
Constructing Link Headers
This feature allows you to construct a Link header string from an object. You can add multiple links with different relations and then convert the object back to a string format suitable for HTTP headers.
const LinkHeader = require('http-link-header');
const linkHeader = new LinkHeader();
linkHeader.set({
uri: 'https://api.example.com/users?page=2',
rel: 'next'
});
linkHeader.set({
uri: 'https://api.example.com/users?page=5',
rel: 'last'
});
console.log(linkHeader.toString());
Finding Links by Relation
This feature allows you to find a specific link by its relation type (rel). This is useful for quickly accessing specific links like 'next', 'prev', 'first', or 'last' in paginated responses.
const LinkHeader = require('http-link-header');
const linkHeader = LinkHeader.parse('<https://api.example.com/users?page=2>; rel="next", <https://api.example.com/users?page=5>; rel="last"');
const nextLink = linkHeader.get('rel', 'next');
console.log(nextLink);
The parse-link-header package is another library for parsing HTTP Link headers. It provides similar functionality to http-link-header but focuses solely on parsing and does not offer construction capabilities. It is simpler and may be preferred if you only need to parse Link headers.
The http-headers package is a more general library for parsing and constructing HTTP headers, including but not limited to Link headers. It offers a broader range of functionality compared to http-link-header, making it suitable for more complex HTTP header manipulations.
Parse & format HTTP link headers according to RFC 8288
$ npm install --save http-link-header
While RFC 8288, Section 3.1 states that relative URI-References MUST be resolved by the parsers – this library DOES NOT. This is due to the parser not having an input for the absolute or canonical URI of the related document. Currently there are no plans to add this, and it is left to the user whether or not to resolve relative URIs.
var LinkHeader = require( 'http-link-header' )
var link = LinkHeader.parse(
'<example.com>; rel="example"; title="Example Website", ' +
'<example-01.com>; rel="alternate"; title="Alternate Example Domain"'
)
> Link {
refs: [
{ uri: 'example.com', rel: 'example', title: 'Example Website' },
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' },
]
}
link.has( 'rel', 'alternate' )
> true
link.get( 'rel', 'alternate' )
> [
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' }
]
// Shorthand for `rel` attributes
link.rel( 'alternate' )
> [
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' }
]
link.set({ uri: 'https://example.com/next', rel: 'next' })
> Link {
refs: [
{ uri: 'example.com', rel: 'example', title: 'Example Website' },
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' },
{ rel: 'next', uri: 'https://example.com/next' }
]
}
link.setUnique({
uri: 'https://example.com/image.png',
rel: 'preload',
as: 'image',
type: 'image/png'
})
> Link {
refs: [
{ uri: 'https://example.com/image.png', rel: 'preload', as: 'image', type: 'image/png' }
]
}
link.setUnique({
uri: 'https://example.com/image.png',
rel: 'preload',
as: 'image',
type: 'image/png'
})
> Link {
refs: [
{ uri: 'https://example.com/image.png', rel: 'preload', as: 'image', type: 'image/png' }
]
}
var link = new LinkHeader()
link.parse( '<example.com>; rel="example"; title="Example Website"' )
> Link {
refs: [
{ uri: 'example.com', rel: 'example', title: 'Example Website' },
]
}
link.parse( '<example-01.com>; rel="alternate"; title="Alternate Example Domain"' )
> Link {
refs: [
{ uri: 'example.com', rel: 'example', title: 'Example Website' },
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' },
]
}
link.parse( '<example-02.com>; rel="alternate"; title="Second Alternate Example Domain"' )
> Link {
refs: [
{ uri: 'example.com', rel: 'example', title: 'Example Website' },
{ uri: 'example-01.com', rel: 'alternate', title: 'Alternate Example Domain' },
{ uri: 'example-02.com', rel: 'alternate', title: 'Second Alternate Example Domain' },
]
}
link.parse( '</extended-attr-example>; rel=start; title*=UTF-8\'en\'%E2%91%A0%E2%93%AB%E2%85%93%E3%8F%A8%E2%99%B3%F0%9D%84%9E%CE%BB' )
> Link {
refs: [
{ uri: '/extended-attr-example', rel: 'start', 'title*': { language: 'en', encoding: null, value: '①⓫⅓㏨♳𝄞λ' } }
]
}
link.toString()
> '<example.com>; rel=example; title="Example Website", <example-01.com>; rel=alternate; title="Alternate Example Domain"'
$ npm run benchmark
# http-link-header .parse() ⨉ 1000000
ok ~1.29 s (1 s + 289696759 ns)
# http-link-header #toString() ⨉ 1000000
ok ~554 ms (0 s + 553782657 ns)
FAQs
Parse & format HTTP link headers according to RFC 8288
The npm package http-link-header receives a total of 724,876 weekly downloads. As such, http-link-header popularity was classified as popular.
We found that http-link-header demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.