Research
Recent Trends in Malicious Packages Targeting Discord
The Socket research team breaks down a sampling of malicious packages that download and execute files, among other suspicious behaviors, targeting the popular Discord platform.
Package description
The mdurl npm package is a utility for encoding and decoding URLs in a manner that is consistent with Markdown specifications. It is particularly useful when dealing with Markdown files that contain URLs which may need to be properly escaped to ensure they are interpreted correctly by Markdown parsers.
URL Encoding
Encodes a URL by escaping characters that are not allowed in Markdown URLs. This is useful for creating Markdown links that contain special characters.
var encode = require('mdurl/encode');
console.log(encode('https://example.com/foo bar'));
URL Decoding
Decodes a URL by unescaping percent-encoded characters. This is useful for reading and processing Markdown links that contain encoded characters.
var decode = require('mdurl/decode');
console.log(decode('https://example.com/foo%20bar'));
The query-string package provides methods for parsing and stringifying URL query strings. It is similar to mdurl in that it deals with URL manipulation, but it focuses specifically on the query string part of the URL.
The url-parse package offers utilities for URL parsing and formatting. It provides more comprehensive URL manipulation capabilities compared to mdurl, including parsing of the entire URL structure, not just encoding and decoding.
Readme
URL utilities for markdown-it parser.
Percent-encode a string, avoiding double encoding. Don't touch /a-zA-Z0-9/ + excluded chars + /%[a-fA-F0-9]{2}/ (if not disabled). Broken surrogates are replaced with U+FFFD.
Params:
;/?:@&=+$,-_.!~*'()#. Additional chars to keep intact (except /a-zA-Z0-9/).
true. By default it skips already encoded sequences (/%[a-fA-F0-9]{2}/). If set to false, % will be encoded.
You can use these constants as the second argument to the encode function.
encode.defaultChars is the same exclude set as in the standard encodeURI() function
encode.componentChars is the same exclude set as in the encodeURIComponent() function
For example, encode('something', encode.componentChars, true) is roughly the equivalent of the encodeURIComponent() function (except encode() doesn't throw).
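The encode rules above, as an added sketch that is not mdurl's own source: a stand-alone reimplementation written from the README's description, showing that valid %XX sequences pass through unchanged, a malformed one has its % escaped, and a lone surrogate becomes U+FFFD. The names encodeSketch and DEFAULT_KEEP are invented for this example.

```javascript
// Added example: re-implements the documented encode() rules for illustration.
// encodeSketch and DEFAULT_KEEP are hypothetical names, not part of mdurl.
const DEFAULT_KEEP = ";/?:@&=+$,-_.!~*'()#"; // default exclude set quoted in the README

function encodeSketch(str, exclude = DEFAULT_KEEP, keepEncoded = true) {
  let out = '';
  for (let i = 0; i < str.length; i++) {
    const ch = str[i];
    const code = str.charCodeAt(i);

    // Already-encoded %XX is copied through, so "%20" never turns into "%2520".
    if (keepEncoded && ch === '%' && /^[0-9a-fA-F]{2}$/.test(str.slice(i + 1, i + 3))) {
      out += str.slice(i, i + 3);
      i += 2;
      continue;
    }
    // /a-zA-Z0-9/ and the excluded ASCII characters are left untouched.
    if (/[a-zA-Z0-9]/.test(ch) || (code < 0x80 && exclude.includes(ch))) {
      out += ch;
      continue;
    }
    // Any other ASCII character, including a stray "%", becomes %XX.
    if (code < 0x80) {
      out += '%' + code.toString(16).toUpperCase().padStart(2, '0');
      continue;
    }
    // Surrogates: a valid pair is encoded as one code point,
    // a broken (lone) surrogate is replaced with U+FFFD (%EF%BF%BD).
    if (code >= 0xD800 && code <= 0xDFFF) {
      const next = str.charCodeAt(i + 1); // NaN at end of string, so treated as broken
      if (code <= 0xDBFF && next >= 0xDC00 && next <= 0xDFFF) {
        out += encodeURIComponent(ch + str[i + 1]);
        i++;
      } else {
        out += '%EF%BF%BD';
      }
      continue;
    }
    // Remaining non-ASCII characters are percent-encoded as UTF-8 bytes.
    out += encodeURIComponent(ch);
  }
  return out;
}
```

Because valid %XX sequences are skipped, running the sketch twice over the same input gives the same output, which is the property that keeps a URL stable when it is encoded at more than one stage of a rendering pipeline.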
Decode percent-encoded string. Invalid percent-encoded sequences (e.g. %2G) are left as is. Invalid UTF-8 characters are replaced with U+FFFD.
Params:
;/?:@&=+$,#.
You can use these constants as the second argument to the decode function.
decode.defaultChars is the same exclude set as in the standard decodeURI() function
decode.componentChars is the same exclude set as in the decodeURIComponent() function
For example, decode('something', decode.defaultChars) has the same behavior as decodeURI('something') on a correctly encoded input.
Parse url string. Similar to node's url.parse, but without any normalizations and query string parse.
//, expect a hostname after it. Optional, false.
Result (hash):
Difference with node's url:
url.parse('http://foo?bar') pathname is ``, not /
http:\\example.org\ is treated like a relative path
http://example.org:foo pathname is :foo
url.parse() does not have parseQueryString argument
host, path, query, etc., which can be constructed using other parts of the url.
Format an object previously obtained with .parse() function. Similar to node's url.format.
FAQs
URL utilities for markdown-it
We found that mdurl demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.