jelban.js
Advanced tools
Readme
A library for filtering fake, disposable and duplicated email addresses.
lib/validators/temporary-email-domains.Jelban's Gmail provider normalizes Gmail addresses to lowercase, non dotted and non aliased @gmail.com email addresses, since:
Gmail addresses are not case sensitive, John.Doe@gmail.com is equivalent to john.doe@gmail.com.
Gmail offers an aliases feature where you can create multiple aliases for your address, example:
For example, messages sent to the following aliases will all go to janedoe@gmail.com:
janedoe+school@gmail.com janedoe+notes@gmail.com janedoe+important.emails@gmail.com
Also, @gmail.com addresses, can be reached by using @googlemail.com, source http://techcrunch.com/2010/05/03/gmail-uk/. So janedoe@gmail.com is exactly equivalent to janedoe@googlemail.com.
Dots don't matter in Gmail addressees (source), so john.smith@gmail.com, and jo.hn.sm.ith@gmail.com, and j.o.h.n.s.m.i.t.h@gmail.com and johnnsmith@gmail.com are all similar.
Similarly to the previous provider, Jelban's Outlook provider normalizers Outlook (aka. Hotmail) email addresses as it has also the option to create aliases (src), example:
Emails to jane.doe+school@hotmail.fr and jane.doe+work@hotmail.fr will land at
jane.doe@hotmail.fr's mailbox
If you rely on the email normalization feature of this library you might be making account enumeration and brute force attacks easier. As attackers will have to guess for only a small subset of strings that does not have dots, upper/lowercase characters or aliases.
Also, users may choose to use the aliases when registering to your applications, and that a choice that must be respected as they may route that kind of emails to certain folders in their mailboxes.
Store email addresses in both formats, the user input and your normalized format, and when checking if an address is used you can rely on the normalized one, this may cause another issue if a user wants to change from their address johnsmith@gmail.com to john.smith@gmail.com in their profile settings, then you know best what to do :)
npm i jelban.js
import { Jelban } from 'jelban.js';
// Instantiate the library
const jelban = new Jelban();
console.log(jelban.isValid('something@gmail.com')); // prints "true"
console.log(jelban.isValid('kavi@boxomail.live')); // throws: "Invalid email address "kavi@boxomail.live", rules: ["IsExcludedDomainValidator"]" because "@boxmail.live" is a temporary domain from mohamal.com service
// If you don't want to throw on failed validations and return "false" instead:
console.log(jelban.isValid('kavi@boxomail.live', false)); // prints "false"
| Param | Description | Required | Default |
|---|---|---|---|
noGmailAliases | When set to true, this will exclude Gmail aliases as described in providers/gmail | false | true |
noOutlookAliases | When set to true, this will exclude Outlook aliases as described in providers/Outlook | false | true |
noDisposableEmailAddresses | When set to true, this will exclude temporary email addresses from services like mohmal.com | false | true |
excludeDomains | A list of email address domains that you may want to exclude | false | [] |
allowDomains | A list of restricted domains you want to include, default is [] which will skip this validation rule | false | [] |
To run the project locally
# Use recommended Node version
nvm install
nvm use
# install dependencies
npm i
# run tests
npm test
# run mutation tests
npm run mutate
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
Please make sure to update tests as appropriate.
This project is licensed under the MIT License - see the LICENSE file for details
FAQs
Another email addresses filter; filters out disposable and addresses' alias
The npm package jelban.js receives a total of 1 weekly downloads. As such, jelban.js popularity was classified as not popular.
We found that jelban.js demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.
Security News
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.