Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
The parse-url npm package is used to parse URLs and extract components such as protocol, auth, host, pathname, query parameters, and hash. It provides a simple API to break down a URL string into its constituent parts for easy access and manipulation.
Parsing the URL
This feature allows you to parse a full URL and returns an object with properties like protocol, resource, user, pathname, hash, search, and query. Each property represents a specific part of the URL.
const parseUrl = require('parse-url');
const parsed = parseUrl('https://www.example.com:8080/path/name?query=value#hash');
console.log(parsed);
Parsing the Query String
This feature specifically focuses on parsing the query string part of the URL and converting it into an object for easy access to each query parameter.
const parseUrl = require('parse-url');
const parsed = parseUrl('https://www.example.com/path/name?query=value&another=thing');
console.log(parsed.query);
Reconstructing the URL
After parsing a URL and potentially modifying its components, this feature allows you to reconstruct the URL back into a string.
const parseUrl = require('parse-url');
const parsed = parseUrl('https://www.example.com/path/name');
parsed.resource = 'www.another-example.com';
const reconstructedUrl = parseUrl.stringify(parsed);
console.log(reconstructedUrl);
The url-parse package offers similar functionality to parse-url, allowing for the parsing of URLs into components. It also provides the ability to resolve relative URLs against an absolute base URL, which is a feature not present in parse-url.
While qs is not a direct alternative to parse-url, it provides robust query string parsing and stringifying capabilities. It can be used in conjunction with other URL parsing libraries to handle the query string part of URLs more extensively than parse-url.
URI.js is a URL manipulation library that provides a fluent API for building, parsing, and manipulating URLs. It offers more features than parse-url, such as URL normalization, resolution of relative paths, and support for punycode and IPv6.
An advanced url parser supporting git urls too.
For low-level path parsing, check out parse-path
. This very module is designed to parse urls. By default the urls are normalized.
# Using npm
npm install --save parse-url
# Using yarn
yarn add parse-url
// Dependencies
import parseUrl from "parse-url";
console.log(parseUrl("http://ionicabizau.net/blog"))
// {
// protocols: [ 'http' ],
// protocol: 'http',
// port: '',
// resource: 'ionicabizau.net',
// user: '',
// password: '',
// pathname: '/blog',
// hash: '',
// search: '',
// href: 'http://ionicabizau.net/blog',
// query: {}
// }
console.log(parseUrl("http://domain.com/path/name?foo=bar&bar=42#some-hash"))
// {
// protocols: [ 'http' ],
// protocol: 'http',
// port: '',
// resource: 'domain.com',
// user: '',
// password: '',
// pathname: '/path/name',
// hash: 'some-hash',
// search: 'foo=bar&bar=42',
// href: 'http://domain.com/path/name?foo=bar&bar=42#some-hash',
// query: { foo: 'bar', bar: '42' }
// }
// If you want to parse fancy Git urls, turn off the automatic url normalization
console.log(parseUrl("git+ssh://git@host.xz/path/name.git", false))
// {
// protocols: [ 'git', 'ssh' ],
// protocol: 'git',
// port: '',
// resource: 'host.xz',
// user: 'git',
// password: '',
// pathname: '/path/name.git',
// hash: '',
// search: '',
// href: 'git+ssh://git@host.xz/path/name.git',
// query: {}
// }
console.log(parseUrl("git@github.com:IonicaBizau/git-stats.git", false))
// {
// protocols: [ 'ssh' ],
// protocol: 'ssh',
// port: '',
// resource: 'github.com',
// user: 'git',
// password: '',
// pathname: '/IonicaBizau/git-stats.git',
// hash: '',
// search: '',
// href: 'git@github.com:IonicaBizau/git-stats.git',
// query: {}
// }
There are few ways to get help:
interopDefaultLegacy()
#PURE
parseUrl(url, normalize)
Parses the input url.
Note: This throws if invalid urls are provided.
String url
: The input url.
Boolean|Object normalize
: Whether to normalize the url or not. Default is false
. If true
, the url will
be normalized. If an object, it will be the
options object sent to normalize-url
.
For SSH urls, normalize won't work.
protocols
(Array): An array with the url protocols (usually it has one element).protocol
(String): The first protocol, "ssh"
(if the url is a ssh url) or "file"
.port
(null|Number): The domain port.resource
(String): The url domain (including subdomains).host
(String): The fully qualified domain name of a network host, or its IP address.user
(String): The authentication user (usually for ssh urls).pathname
(String): The url pathname.hash
(String): The url hash.search
(String): The url querystring value.href
(String): The input url.query
(Object): The url querystring, parsed as object.parse_failed
(Boolean): Whether the parsing failed or not.([a-zA-Z_][a-zA-Z0-9_-]{0,31}) Try to match the user ([\w.-@]+) Match the host/resource (([~,.\w,-,_,/,\s]|%[0-9A-Fa-f]{2})+?(?:.git|/)?) Match the path, allowing spaces/white
Have an idea? Found a bug? See how to contribute.
I open-source almost everything I can, and I try to reply to everyone needing help using these projects. Obviously, this takes time. You can integrate and use these projects in your applications for free! You can even change the source code and redistribute (even resell it).
However, if you get some profit from this or just want to encourage me to continue creating stuff, there are few ways you can do it:
Starring and sharing the projects you like :rocket:
—I love books! I will remember you after years if you buy me one. :grin: :book:
—You can make one-time donations via PayPal. I'll probably buy a coffee tea. :tea:
—Set up a recurring monthly donation and you will get interesting news about what I'm doing (things that I don't share with everyone).
Bitcoin—You can send me bitcoins at this address (or scanning the code below): 1P9BRsmazNQcuyTxEqveUsnf5CERdq35V6
Thanks! :heart:
If you are using this library in one of your projects, add it in this list. :sparkles:
@_nomtek/react-native-shimmer-animation
@aabelmann/ui-layer
@ali5049/react-native-buttons
@amirdiafi/react-native-ios-haptics
@angga30prabu/wa-modified
@apardellass/react-native-audio-stream
@aysea/react-native-ui-library
@azalpacir/react-native-dhp-printer
@brantalikp/rn-resize
@buganto/client
@con-test/react-native-concent-common
@cs6/react-native-test-native-view-library
@damruravihara/react-native-testing-package
@dataparty/api
@enkeledi/react-native-week-month-date-picker
@extrieve_technologies/quickcapture_react_native
@foundernetes/machines
@foundernetes/metal-debian
@geeky-apo/react-native-advanced-clipboard
@hbglobal/react-native-actions-shortcuts
@heycharge/heycharge-react-native-sdk
@hieuquang2212/form
@hstech/utils
@idas1/ui-component-lib
@jfilipe-sparta/react-native-module_2
@jimengio/mocked-proxy
@klevn/solid-router
@lakutata-module/service
@mockswitch/cli
@ndla/source-map-resolver
@npm_fluentco/adflow-react-native-sdk
@oiti/rn-liveness2d
@open-wa/wa-automate
@phpboyscout/semantic-release-gitlab
@phuocnb/semrelease-gitlab
@positionex/position-sdk
@praella/localisationist
@qiwi/sourcecrumbs
@react-native-ui-design/button
@roq/ui-react
@roshub/api
@saad27/react-native-bottom-tab-tour
@semantic-release/gitlab
@sephriot/react-native-persistable-uri
@sidghimire/react-native-mapbox-navigation
@taingo97/react-native-awesome-module
@taingo97/react-native-bluetooth-xprinter
@taingo97/react-native-expo-key-rsa-kt
@taingo97/react-native-generate-key-rsa
@taingo97/react-native-key-rsa
@taingo97/react-native-print-xprinter
@taingo97/react-native-rsa-expo
@taingo97/react-native-sunmi-printer
@taingo97/react-native-telpo-printer
@teles1-semantic-release/gitlab
@thinxviewx/core-rn
@tomw2w/my-nuxt-layer
@valifysolutions/react-native-vidvliveness
@wecraftapps/react-native-use-keyboard
agent-get-agent
angularvezba
apaas-track
api-reach-react-native-fix
archlibrary
arifbudixz
astra-ufo-sdk
awesome-module-kd
ba-js-cookie-banner
begg
bilibili2local
biometric-st
birken-react-native-community-image-editor
blitzzz
build-plugin-ssr
candlelabssdk
checkbox-component
cli-live-tutorial
delta-screen
demo-test-scrn
deploy-versioning
design-system-trial-milyasbpa
dogandev-simple-toast
egg-muc-custom-loader
electron-info
eval-spider
expo-renavigate
fawaterak-online-payment
fawatrak-online-payment
fixed_form_builder
fluent.adflow.reactnativesdk
fluent.adflow.reactnativesdk-alpha
fmsl
framework_test_library_sixdee
framework_test_library_sixdee_new
framework_test_library_sixdee_new_new
fuge-runner
gamification-integration-new
gaurav-react-native-loop
generator-bootstrap-boilerplate-template
genz-native-elements
gh-monoproject-cli
git-up
gitlab-backup-util-harduino
griffin-ui-library
heroku-wp-environment-sync
hologit
hong1-utils
hubot-will-it-connect
hui-plugin-wss
ipsamvel
jamuskalim
jordy-frijters-test-lib
kakapo
khaled-salem-custom-components
luojia-cli-dev
markdownalint-cli2
michael-stun
microbe.js
miguelcostero-ng2-toasty
native-apple-login
native-date-picker-module
native-google-login
native-kakao-login
native-modal-damage-vehicle
native-zip
ndla-source-map-resolver
new-awesome-4321
njs-wa-auto
normalize-id
normalize-ssh
npm_one_12_34_1_
npm_one_1_2_3
npm_one_2_2
npm_qwerty
parse-db-uri
pasbeaucoupmoinsrave
payutesting
pnm-yph-react-native-custom-components
project-wajs-dv
pyreswap-sdk
quickcapture_react_native
raact-native-arunramya151
reac-native-arun-ramya-test
react-native-addition
react-native-android-video-player-view
react-native-animate-text
react-native-app-bubble
react-native-app-integrity-checksum
react-native-arps-authorize-net
react-native-arun-ramya-test
react-native-arunjeyam1987
react-native-arunmeena1987
react-native-arunramya151
react-native-auth-service-client
react-native-aventonfacetec-aventon
react-native-awesome-android-123
react-native-awesome-android-123-zeotap
react-native-awesome-module-latest
react-native-awesome-module-two
react-native-azure-communication-services
react-native-badge-control
react-native-basic-app
react-native-basic-screen
react-native-biometric-authenticate
react-native-bleccs-components
react-native-bluetooth-device-detect
react-native-bridge-package
react-native-bubble-chart
react-native-build-vesion-getter
react-native-check-component
react-native-chenaar
react-native-components-design
react-native-conekta-card-tokenizer
react-native-contact-list
react-native-cplus
react-native-create-video-thumbnail
react-native-ctp-odp
react-native-dhp-printer
react-native-dimensions-layout
react-native-dsphoto-module
react-native-fedlight-dsm
react-native-flyy
react-native-get-countries
react-native-ghn-ekyc
react-native-innity-2
react-native-innity-remaster
react-native-input-library
react-native-is7
react-native-jsi-device-info
react-native-kakao-maps
react-native-klarify-ios
react-native-klarify-ui
react-native-klc
react-native-lib-test-rn-1
react-native-library-testing-422522
react-native-line-login-android
react-native-login-demo-test
react-native-lowlatency
react-native-loyalty-platforms
react-native-manh-test
react-native-manual-ios-sdk
react-native-modal-progress-bar
react-native-module-arge
react-native-module-for-testing
react-native-multiplier-altroncoso
react-native-multiplier-component
react-native-multiplier-demo
react-native-multiplier2
react-native-multiply
react-native-multiply-component
react-native-multiselector
react-native-mun-kit
react-native-my-first-try-arun-ramya
react-native-native-audio-engine
react-native-native-ios-test1
react-native-nativewind
react-native-nghia-sharering
react-native-nice-learning
react-native-omental-framework
react-native-onramp
react-native-payu-payment-testing
react-native-plugpag-wrapper
react-native-progress-arrow
react-native-pulsator-native
react-native-rabbitmq-all
react-native-radio-bic-group-lib
react-native-reanimated-sortable-list
react-native-recent-framework-update
react-native-responsive-helper
react-native-responsive-size
react-native-return-usb-data
react-native-rn-app
react-native-rn-icons-library
react-native-rom-components
react-native-rtn-ips-poslin-test
react-native-sandycomponent
react-native-savczuk-feature-library
react-native-sayhello-module
react-native-screen-idle-timer
react-native-scroll-tab-to-index
react-native-shared-gesture
react-native-simple-timeline
react-native-sixdee_test_lib
react-native-sp-test-common
react-native-teknoctrl-components
react-native-test-comlibrary
react-native-test-module-hhh
react-native-test-view
react-native-ticker-tape
react-native-tone-framework
react-native-transtracker-library
react-native-ui-components-library
react-native-uvc-camera-android
react-native-version-app
react-native-volume-phisical
react-native-withframework-check
react-native-wtf
react-native-xiaomi-permissions
react-native-xprinter-thermal-ble
react-native-ytximkit
reactnatively
reat-native-multiplierkpr
refinejs-repo
rn-adyen-dropin
rn-agora-ios-m
rn-circular-chart
rn-counter-demo
rn-session-multiplier-demo
rn-tm-notify
rn_unique_device_id
robots-agent
rocomp
smart_one_connect
soajs.repositories
sourcecrumbs
stun
sushi-sdk-ftm
test-haptik-lib
test-zeo-collect
ts-scraper
tumblr-text
url-local
vision-camera-base64-resized
vision-camera-plugin-face-detector
vision-camera-plugin-scan-faces
vrt-cli
vue-cli-plugin-ice-builder
vue-cli-plugin-ut-builder
wa-frikz
wander-cli
warp-api
warp-server
web-yii2
wifi_configuration_package
workpad
xbuilder-forms
xl-git-up
yangtao-js
zeo-collect
zzzxxxyyy321123
FAQs
An advanced url parser supporting git urls too.
The npm package parse-url receives a total of 3,322,624 weekly downloads. As such, parse-url popularity was classified as popular.
We found that parse-url demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.