Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
path-to-regexp
Advanced tools
The path-to-regexp package is a utility for converting paths to and from regular expressions. It is commonly used for routing in web applications, allowing developers to define patterns for URL paths and extract parameters from them.
Path to RegExp Conversion
Convert a path string into a regular expression. It can also extract named parameter keys.
const { pathToRegexp } = require('path-to-regexp');
const keys = [];
const regexp = pathToRegexp('/user/:id', keys);
Extracting Parameters from a Path
Match a path against a pattern and extract the named parameters.
const { match } = require('path-to-regexp');
const matchFn = match('/user/:id');
const result = matchFn('/user/123');
// result.params will contain the extracted parameters
Compile Path to String
Compile a path function from a string pattern, which can then be used to construct paths with parameters.
const { compile } = require('path-to-regexp');
const toPath = compile('/user/:id');
const path = toPath({ id: 123 });
// path will be '/user/123'
Express is a web application framework for Node.js that includes its own routing capabilities, which are similar to path-to-regexp. Express uses path-to-regexp internally for its routing logic.
React Router is a routing library for React that uses path-to-regexp-like pattern matching for defining routes and extracting parameters, but it is specifically tailored for React applications.
url-pattern is another library for matching URLs against patterns and extracting parameters. It offers a similar API to path-to-regexp but with different syntax and additional options for pattern matching.
Turn an Express-style path string such as
/user/:name
into a regular expression.
npm install path-to-regexp --save
var pathToRegexp = require('path-to-regexp')
// pathToRegexp(path, keys, options)
// pathToRegexp.parse(path)
// pathToRegexp.compile(path)
true
the route will be case sensitive. (default: false
)false
the trailing slash is optional. (default: false
)false
the path will match at the beginning. (default: true
)var keys = []
var re = pathToRegexp('/foo/:bar', keys)
// re = /^\/foo\/([^\/]+?)\/?$/i
// keys = [{ name: 'bar', prefix: '/', delimiter: '/', optional: false, repeat: false, pattern: '[^\\/]+?' }]
The path string can be used to define parameters and populate the keys.
Named parameters are defined by prefixing a colon to the parameter name (:foo
). By default, the parameter will match until the following path segment.
var re = pathToRegexp('/:foo/:bar', keys)
// keys = [{ name: 'foo', prefix: '/', ... }, { name: 'bar', prefix: '/', ... }]
re.exec('/test/route')
//=> ['/test/route', 'test', 'route']
Please note: Named parameters must be made up of "word characters" ([A-Za-z0-9_]
).
Path segments are defined by "prefix" characters (.
or /
). If a prefix is used, and the parameter is followed by the same prefix character or end of the path, it is considered a segment and the prefix is part of the match. This behavior is apparent when using optional parameters.
var re = pathToRegexp('/:prefix(apple-)?icon-:res(\\d+).png', keys)
// keys = [{ name: 'prefix', prefix: '', ... }, { name: 'res', prefix: '', ... }]
re.exec('/icon-76.png')
//=> ['/icon-76.png', undefined, '76']
Parameters can be suffixed with a question mark (?
) to make the parameter optional. This will also make the prefix optional.
var re = pathToRegexp('/:foo/:bar?', keys)
// keys = [{ name: 'foo', ... }, { name: 'bar', delimiter: '/', optional: true, repeat: false }]
re.exec('/test')
//=> ['/test', 'test', undefined]
re.exec('/test/route')
//=> ['/test', 'test', 'route']
Parameters can be suffixed with an asterisk (*
) to denote a zero or more parameter matches. The prefix is taken into account for each match.
var re = pathToRegexp('/:foo*', keys)
// keys = [{ name: 'foo', delimiter: '/', optional: true, repeat: true }]
re.exec('/')
//=> ['/', undefined]
re.exec('/bar/baz')
//=> ['/bar/baz', 'bar/baz']
Parameters can be suffixed with a plus sign (+
) to denote a one or more parameter matches. The prefix is taken into account for each match.
var re = pathToRegexp('/:foo+', keys)
// keys = [{ name: 'foo', delimiter: '/', optional: false, repeat: true }]
re.exec('/')
//=> null
re.exec('/bar/baz')
//=> ['/bar/baz', 'bar/baz']
All parameters can be provided a custom regexp, which overrides the default ([^\/]+
).
var re = pathToRegexp('/:foo(\\d+)', keys)
// keys = [{ name: 'foo', ... }]
re.exec('/123')
//=> ['/123', '123']
re.exec('/abc')
//=> null
Please note: Backslashes need to be escaped with another backslash in strings.
It is possible to write an unnamed parameter that only consists of a matching group. It works the same as a named parameter, except it will be numerically indexed.
var re = pathToRegexp('/:foo/(.*)', keys)
// keys = [{ name: 'foo', ... }, { name: 0, ... }]
re.exec('/test/route')
//=> ['/test/route', 'test', 'route']
An asterisk can be used for matching everything. It is equivalent to an unnamed matching group of (.*)
.
var re = pathToRegexp('/foo/*', keys)
// keys = [{ name: '0', ... }]
re.exec('/foo/bar/baz')
//=> ['/foo/bar/baz', 'bar/baz']
The parse function is exposed via pathToRegexp.parse
. This will return an array of strings and keys.
var tokens = pathToRegexp.parse('/route/:foo/(.*)')
console.log(tokens[0])
//=> "/route"
console.log(tokens[1])
//=> { name: 'foo', prefix: '/', delimiter: '/', optional: false, repeat: false, pattern: '[^\\/]+?' }
console.log(tokens[2])
//=> { name: 0, prefix: '/', delimiter: '/', optional: false, repeat: false, pattern: '.*' }
Note: This method only works with Express-style strings.
Path-To-RegExp exposes a compile function for transforming an Express-style path into a valid path.
var toPath = pathToRegexp.compile('/user/:id')
toPath({ id: 123 }) //=> "/user/123"
toPath({ id: 'café' }) //=> "/user/caf%C3%A9"
toPath({ id: '/' }) //=> "/user/%2F"
toPath({ id: ':' }) //=> "/user/%3A"
toPath({ id: ':' }, { pretty: true }) //=> "/user/:"
var toPathRepeated = pathToRegexp.compile('/:segment+')
toPathRepeated({ segment: 'foo' }) //=> "/foo"
toPathRepeated({ segment: ['a', 'b', 'c'] }) //=> "/a/b/c"
var toPathRegexp = pathToRegexp.compile('/user/:id(\\d+)')
toPathRegexp({ id: 123 }) //=> "/user/123"
toPathRegexp({ id: '123' }) //=> "/user/123"
toPathRegexp({ id: 'abc' }) //=> Throws `TypeError`.
Note: The generated function will throw on invalid input. It will do all necessary checks to ensure the generated path is valid. This method only works with strings.
Path-To-RegExp exposes the two functions used internally that accept an array of tokens.
pathToRegexp.tokensToRegExp(tokens, options)
Transform an array of tokens into a matching regular expression.pathToRegexp.tokensToFunction(tokens)
Transform an array of tokens into a path generator function.Path-To-RegExp breaks compatibility with Express <= 4.x
:
/:user(.*)
*
, +
and ?
. E.g. /:user*
Includes a .d.ts
file for TypeScript users.
You can see a live demo of this library in use at express-route-tester.
MIT
1.3.0 / 2016-05-08
/:foo?-bar
)FAQs
Express style path to RegExp utility
The npm package path-to-regexp receives a total of 46,650,749 weekly downloads. As such, path-to-regexp popularity was classified as popular.
We found that path-to-regexp demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 5 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.