Security News
NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
The ipaddr.js package is a library for manipulating IPv4 and IPv6 addresses in JavaScript. It allows for parsing, validating, and normalizing IP addresses, as well as performing operations like determining if an IP is in a particular subnet.
Parsing and Validating IP Addresses
This feature allows you to parse a string representation of an IP address into an ipaddr.js object and validate if a given string is a valid IP address.
const ipaddr = require('ipaddr.js');
const addr = ipaddr.parse('192.168.1.1');
const isValid = ipaddr.isValid('192.168.1.1');
Determining IP Address Type
This feature helps in determining whether a parsed IP address is of type IPv4 or IPv6.
const ipaddr = require('ipaddr.js');
const addr = ipaddr.parse('192.168.1.1');
const isIPv4 = addr.kind() === 'ipv4';
const isIPv6 = addr.kind() === 'ipv6';
Subnet Matching
This feature is used to check if an IP address belongs to a certain subnet.
const ipaddr = require('ipaddr.js');
const addr = ipaddr.parse('192.168.1.1');
const range = ipaddr.parse('192.168.1.0/24');
const isInSubnet = addr.match(range);
Range Checking
This feature allows you to check the range of an IP address, such as whether it's unicast, multicast, link-local, private, etc.
const ipaddr = require('ipaddr.js');
const addr = ipaddr.parse('2001:db8::1');
const isReserved = addr.range() === 'unicast';
The 'ip' package provides utilities for handling IPv4 and IPv6 addresses. Similar to ipaddr.js, it allows for IP address parsing, validation, and subnet operations. However, it has a different API and may have different performance characteristics.
The 'cidr-js' package is used for calculating CIDR subnet information. It is similar to ipaddr.js in terms of handling subnets but is more focused on CIDR-specific calculations and less on general IP address manipulation.
The 'netmask' package parses and manipulates network ranges in CIDR notation. It provides functionality to determine if an IP is within a network range, similar to ipaddr.js, but with a focus on netmask calculations.
ipaddr.js is a small (1.9K minified and gzipped) library for manipulating IP addresses in JavaScript environments. It runs on both CommonJS runtimes (e.g. nodejs) and in a web browser.
ipaddr.js allows you to verify and parse string representation of an IP address, match it against a CIDR range or range list, determine if it falls into some reserved ranges (examples include loopback and private ranges), and convert between IPv4 and IPv4-mapped IPv6 addresses.
npm install ipaddr.js
or
bower install ipaddr.js
Use 2.x release for nodejs versions 10+. Use the 1.x release for versions of nodejs older than 10.
ipaddr.js defines one object in the global scope: ipaddr
. In CommonJS,
it is exported from the module:
const ipaddr = require('ipaddr.js');
The API consists of several global methods and two classes: ipaddr.IPv6 and ipaddr.IPv4.
There are three global methods defined: ipaddr.isValid
, ipaddr.parse
and
ipaddr.process
. All of them receive a string as a single parameter.
The ipaddr.isValid
method returns true
if the address is a valid IPv4 or
IPv6 address, and false
otherwise. It does not throw any exceptions.
The ipaddr.parse
method returns an object representing the IP address,
or throws an Error
if the passed string is not a valid representation of an
IP address.
The ipaddr.process
method works just like the ipaddr.parse
one, but it
automatically converts IPv4-mapped IPv6 addresses to their IPv4 counterparts
before returning. It is useful when you have a Node.js instance listening
on an IPv6 socket, and the net.ivp6.bindv6only
sysctl parameter (or its
equivalent on non-Linux OS) is set to 0. In this case, you can accept IPv4
connections on your IPv6-only socket, but the remote address will be mangled.
Use ipaddr.process
method to automatically demangle it.
Parsing methods return an object which descends from ipaddr.IPv6
or
ipaddr.IPv4
. These objects share some properties, but most of them differ.
One can determine the type of address by calling addr.kind()
. It will return
either "ipv6"
or "ipv4"
.
An address can be converted back to its string representation with addr.toString()
.
Note that this method:
A match(range, bits)
method can be used to check if the address falls into a
certain CIDR range. Note that an address can be (obviously) matched only against an address of the same type.
For example:
const addr = ipaddr.parse('2001:db8:1234::1');
const range = ipaddr.parse('2001:db8::');
addr.match(range, 32); // => true
Alternatively, match
can also be called as match([range, bits])
. In this way, it can be used together with the parseCIDR(string)
method, which parses an IP address together with a CIDR range.
For example:
const addr = ipaddr.parse('2001:db8:1234::1');
addr.match(ipaddr.parseCIDR('2001:db8::/32')); // => true
A range()
method returns one of predefined names for several special ranges defined by IP protocols. The exact names (and their respective CIDR ranges) can be looked up in the source: IPv6 ranges and IPv4 ranges. Some common ones include "unicast"
(the default one) and "reserved"
.
You can match against your own range list by using
ipaddr.subnetMatch(address, rangeList, defaultName)
method. It can work with a mix of IPv6 or IPv4 addresses, and accepts a name-to-subnet map as the range list. For example:
const rangeList = {
documentationOnly: [ ipaddr.parse('2001:db8::'), 32 ],
tunnelProviders: [
[ ipaddr.parse('2001:470::'), 32 ], // he.net
[ ipaddr.parse('2001:5c0::'), 32 ] // freenet6
]
};
ipaddr.subnetMatch(ipaddr.parse('2001:470:8:66::1'), rangeList, 'unknown'); // => "tunnelProviders"
The addresses can be converted to their byte representation with toByteArray()
. (Actually, JavaScript mostly does not know about byte buffers. They are emulated with arrays of numbers, each in range of 0..255.)
const bytes = ipaddr.parse('2a00:1450:8007::68').toByteArray(); // ipv6.google.com
bytes // => [42, 0x00, 0x14, 0x50, 0x80, 0x07, 0x00, <zeroes...>, 0x00, 0x68 ]
The ipaddr.IPv4
and ipaddr.IPv6
objects have some methods defined, too. All of them have the same interface for both protocols, and are similar to global methods.
ipaddr.IPvX.isValid(string)
can be used to check if the string is a valid address for particular protocol, and ipaddr.IPvX.parse(string)
is the error-throwing parser.
ipaddr.IPvX.isValid(string)
uses the same format for parsing as the POSIX inet_ntoa
function, which accepts unusual formats like 0xc0.168.1.1
or 0x10000000
. The function ipaddr.IPv4.isValidFourPartDecimal(string)
validates the IPv4 address and also ensures that it is written in four-part decimal format.
Sometimes you will want to convert IPv6 not to a compact string representation (with the ::
substitution); the toNormalizedString()
method will return an address where all zeroes are explicit.
For example:
const addr = ipaddr.parse('2001:0db8::0001');
addr.toString(); // => '2001:db8::1'
addr.toNormalizedString(); // => '2001:db8:0:0:0:0:0:1'
The isIPv4MappedAddress()
method will return true
if this address is an IPv4-mapped
one, and toIPv4Address()
will return an IPv4 object address.
To access the underlying binary representation of the address, use addr.parts
.
const addr = ipaddr.parse('2001:db8:10::1234:DEAD');
addr.parts // => [0x2001, 0xdb8, 0x10, 0, 0, 0, 0x1234, 0xdead]
A IPv6 zone index can be accessed via addr.zoneId
:
const addr = ipaddr.parse('2001:db8::%eth0');
addr.zoneId // => 'eth0'
toIPv4MappedAddress()
will return a corresponding IPv4-mapped IPv6 address.
To access the underlying representation of the address, use addr.octets
.
const addr = ipaddr.parse('192.168.1.1');
addr.octets // => [192, 168, 1, 1]
prefixLengthFromSubnetMask()
will return a CIDR prefix length for a valid IPv4 netmask or
null if the netmask is not valid.
ipaddr.IPv4.parse('255.255.255.240').prefixLengthFromSubnetMask() == 28
ipaddr.IPv4.parse('255.192.164.0').prefixLengthFromSubnetMask() == null
subnetMaskFromPrefixLength()
will return an IPv4 netmask for a valid CIDR prefix length.
ipaddr.IPv4.subnetMaskFromPrefixLength(24) == '255.255.255.0'
ipaddr.IPv4.subnetMaskFromPrefixLength(29) == '255.255.255.248'
broadcastAddressFromCIDR()
will return the broadcast address for a given IPv4 interface and netmask in CIDR notation.
ipaddr.IPv4.broadcastAddressFromCIDR('172.0.0.1/24') == '172.0.0.255'
networkAddressFromCIDR()
will return the network address for a given IPv4 interface and netmask in CIDR notation.
ipaddr.IPv4.networkAddressFromCIDR('172.0.0.1/24') == '172.0.0.0'
IPv4 and IPv6 can be converted bidirectionally to and from network byte order (MSB) byte arrays.
The fromByteArray()
method will take an array and create an appropriate IPv4 or IPv6 object
if the input satisfies the requirements. For IPv4 it has to be an array of four 8-bit values,
while for IPv6 it has to be an array of sixteen 8-bit values.
For example:
const addr = ipaddr.fromByteArray([0x7f, 0, 0, 1]);
addr.toString(); // => '127.0.0.1'
or
const addr = ipaddr.fromByteArray([0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1])
addr.toString(); // => '2001:db8::1'
Both objects also offer a toByteArray()
method, which returns an array in network byte order (MSB).
For example:
const addr = ipaddr.parse('127.0.0.1');
addr.toByteArray(); // => [0x7f, 0, 0, 1]
or
const addr = ipaddr.parse('2001:db8::1');
addr.toByteArray(); // => [0x20, 1, 0xd, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1]
FAQs
A library for manipulating IPv4 and IPv6 addresses in JavaScript.
The npm package ipaddr.js receives a total of 7,601,983 weekly downloads. As such, ipaddr.js popularity was classified as popular.
We found that ipaddr.js demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.
Security News
Research
A malicious npm package disguised as a WhatsApp client is exploiting authentication flows with a remote kill switch to exfiltrate data and destroy files.
Security News
PyPI now supports digital attestations, enhancing security and trust by allowing package maintainers to verify the authenticity of Python packages.