![Malicious npm Package Typosquats react-login-page to Deploy Keylogger](https://cdn.sanity.io/images/cgdhsj6q/production/007b21d9cf9e03ae0bb3f577d1bd59b9d715645a-1024x1024.webp?w=400&fit=max&auto=format)
Research
Security News
Malicious npm Package Typosquats react-login-page to Deploy Keylogger
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
parse-path
Advanced tools
Package description
The parse-path npm package is a utility for parsing URLs and file paths into their constituent parts. It can handle a variety of path formats and provides a structured way to access different components of a path.
Parse URL
This feature allows you to parse a URL into its components such as protocol, host, port, pathname, query, and hash.
const parsePath = require('parse-path');
const parsedUrl = parsePath('https://example.com:8080/path/name?query=string#hash');
console.log(parsedUrl);
Parse File Path
This feature allows you to parse a file path into its components such as root, dir, base, ext, and name.
const parsePath = require('parse-path');
const parsedFilePath = parsePath('/home/user/docs/file.txt');
console.log(parsedFilePath);
Handle Different Path Formats
This feature allows you to handle different path formats, including Windows-style paths, and parse them into their components.
const parsePath = require('parse-path');
const parsedPath = parsePath('C:\Users\user\docs\file.txt');
console.log(parsedPath);
The url-parse package is a robust URL parser that works in both Node.js and the browser. It provides similar functionality to parse-path but is more focused on URLs rather than file paths. It offers additional features like URL normalization and query string parsing.
The path-parse package is a simple utility for parsing file paths into their components. It is similar to parse-path but is more focused on file paths rather than URLs. It provides a straightforward way to access different parts of a file path.
The whatwg-url package is a full implementation of the WHATWG URL Standard. It provides comprehensive URL parsing and manipulation capabilities, making it more feature-rich compared to parse-path. However, it is more complex and may be overkill for simple use cases.
Readme
Parse paths (local paths, urls: ssh/git/etc)
# Using npm
npm install --save parse-path
# Using yarn
yarn add parse-path
// Dependencies
const parsePath = require("parse-path")
console.log(parsePath("http://ionicabizau.net/blog"))
// { protocols: [ 'http' ],
// protocol: 'http',
// port: null,
// resource: 'ionicabizau.net',
// user: '',
// pathname: '/blog',
// hash: '',
// search: '',
// href: 'http://ionicabizau.net/blog' }
console.log(parsePath("http://domain.com/path/name?foo=bar&bar=42#some-hash"))
// { protocols: [ 'http' ],
// protocol: 'http',
// port: null,
// resource: 'domain.com',
// user: '',
// pathname: '/path/name',
// hash: 'some-hash',
// search: 'foo=bar&bar=42',
// href: 'http://domain.com/path/name?foo=bar&bar=42#some-hash' }
console.log(parsePath("git+ssh://git@host.xz/path/name.git"))
// { protocols: [ 'git', 'ssh' ],
// protocol: 'git',
// port: null,
// resource: 'host.xz',
// user: 'git',
// pathname: '/path/name.git',
// hash: '',
// search: '',
// href: 'git+ssh://git@host.xz/path/name.git' }
console.log(parsePath("git@github.com:IonicaBizau/git-stats.git"))
// { protocols: [],
// protocol: 'ssh',
// port: null,
// resource: 'github.com',
// user: 'git',
// pathname: '/IonicaBizau/git-stats.git',
// hash: '',
// search: '',
// href: 'git@github.com:IonicaBizau/git-stats.git' }
There are few ways to get help:
Please post questions on Stack Overflow. You can open issues with questions, as long you add a link to your Stack Overflow question.
For bug reports and feature requests, open issues. :bug:
For direct and quick help, you can use Codementor. :rocket:
parsePath(url)
Parses the input url.
url
: The input url.protocols
(Array): An array with the url protocols (usually it has one element).protocol
(String): The first protocol, "ssh"
(if the url is a ssh url) or "file"
.port
(null|Number): The domain port.resource
(String): The url domain (including subdomains).user
(String): The authentication user (usually for ssh urls).pathname
(String): The url pathname.hash
(String): The url hash.search
(String): The url querystring value.href
(String): The input url.query
(Object): The url querystring, parsed as object.Have an idea? Found a bug? See how to contribute.
I open-source almost everything I can, and I try to reply to everyone needing help using these projects. Obviously, this takes time. You can integrate and use these projects in your applications for free! You can even change the source code and redistribute (even resell it).
However, if you get some profit from this or just want to encourage me to continue creating stuff, there are few ways you can do it:
Starring and sharing the projects you like :rocket:
—I love books! I will remember you after years if you buy me one. :grin: :book:
—You can make one-time donations via PayPal. I'll probably buy a
coffee tea. :tea:
—Set up a recurring monthly donation and you will get interesting news about what I'm doing (things that I don't share with everyone).
Bitcoin—You can send me bitcoins at this address (or scanning the code below): 1P9BRsmazNQcuyTxEqveUsnf5CERdq35V6
Thanks! :heart:
If you are using this library in one of your projects, add it in this list. :sparkles:
parse-url
—An advanced url parser supporting git urls too.FAQs
Unknown package
We found that parse-path demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers unpack a typosquatting package with malicious code that logs keystrokes and exfiltrates sensitive data to a remote server.
Security News
The JavaScript community has launched the e18e initiative to improve ecosystem performance by cleaning up dependency trees, speeding up critical parts of the ecosystem, and documenting lighter alternatives to established tools.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.