Research
2025 Report: Destructive Malware in Open Source Packages
Destructive malware is rising across open source registries, using delays and kill switches to wipe code, break builds, and disrupt CI/CD.
By Kush Pandya - Dec 24, 2025
parse-github-repo-url
Advanced tools
Parse GitHub Repo URL
Parse all the stupid ways you could write a GitHub URL in your damn package.json.
Supports:
<user>/<repo#<commit>git://and.gitw/#commitor@version- All 5 different ways you could download a freaking tarball/zipball
API
[user, repo, version] = parse(url)
version could be falsey, a semantic version, a commit, or a branch, etc.
var parse = require('parse-github-repo-url')
parse('component/emitter#1') // => ['component', 'emitter', '1']
See the tests for all the different types of supported URLs.
Other packages similar to parse-github-repo-url
github-url-to-object
The github-url-to-object package converts GitHub URLs into objects containing useful information such as the user, repository, and branch. It offers more detailed parsing and additional properties compared to parse-github-repo-url.
parse-github-url
The parse-github-url package is another utility for parsing GitHub URLs. It provides similar functionality to parse-github-repo-url but includes additional features like extracting the protocol and host.
github-url-parse
The github-url-parse package parses GitHub URLs and returns an object with properties like owner, name, branch, and more. It offers a more comprehensive parsing compared to parse-github-repo-url.
FAQs
Parse a GitHub URL for user/project@version
The npm package parse-github-repo-url receives a total of 186,663 weekly downloads. As such, parse-github-repo-url popularity was classified as popular.
We found that parse-github-repo-url demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Package last updated on 23 Apr 2014
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Engineering with AI Podcast: The Promise of AI-First Development
Socket CTO Ahmad Nassri shares practical AI coding techniques, tools, and team workflows, plus what still feels noisy and why shipping remains human-led.
By Sarah Gooding - Dec 24, 2025
Research
/Security News
Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations
A five-month operation turned 27 npm packages into durable hosting for browser-run lures that mimic document-sharing portals and Microsoft sign-in, targeting 25 organizations across manufacturing, industrial automation, plastics, and healthcare for credential theft.
By Nicholas Anderson, Kirill Boychenko - Dec 23, 2025