Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
query-string
Advanced tools
The query-string npm package is used for parsing and stringifying URL query strings. It provides a simple API for dealing with query strings in a way that is both convenient and cross-browser compatible.
Parsing query strings
This feature allows you to parse a query string into an object. It automatically handles various edge cases and decoding of parameters.
const queryString = require('query-string');
const parsed = queryString.parse('?foo=bar');
console.log(parsed); //=> {foo: 'bar'}
Stringifying objects
This feature enables you to take an object and convert it into a URL query string. It ensures that keys and values are properly encoded.
const queryString = require('query-string');
const stringified = queryString.stringify({foo: 'bar'});
console.log(stringified); //=> 'foo=bar'
Extracting query strings
This function extracts the query string from a URL.
const queryString = require('query-string');
const extracted = queryString.extract('http://example.com/?foo=bar');
console.log(extracted); //=> '?foo=bar'
Parsing arrays and objects
The package can parse query strings with array and object syntax, turning them into the corresponding JavaScript structures.
const queryString = require('query-string');
const parsed = queryString.parse('?foo[]=bar&foo[]=baz');
console.log(parsed); //=> {foo: ['bar', 'baz']}
The 'qs' package is a query string parser with nesting support. It is more feature-rich than query-string, allowing for complex structures like nested objects and arrays. However, it might be overkill for simple use cases.
This is a polyfill for the URLSearchParams API which is built into modern browsers. It provides similar functionality to query-string but is designed to mimic the native browser API.
querystringify is a small and simple query string parser and stringifier. It is focused on speed and simplicity, and while it has fewer features than query-string, it may be faster in some cases.
Parse and stringify URL query strings
$ npm install --save query-string
$ bower install --save query-string
$ component install sindresorhus/query-string
console.log(location.search);
// ?foo=bar
var parsed = queryString.parse(location.search);
console.log(parsed);
// {foo: 'bar'}
console.log(location.hash);
// #token=bada55cafe
var parsedHash = queryString.parse(location.hash);
console.log(parsedHash);
// {token: 'bada55cafe'}
parsed.foo = 'unicorn';
parsed.ilike = 'pizza';
location.search = queryString.stringify(parsed);
console.log(location.search);
// ?foo=unicorn&ilike=pizza
Parse a query string into an object. Leading ?
or #
are ignored, so you can pass location.search
or location.hash
directly.
Stringify an object into a query string.
This module intentionally doesn't support nesting as it's not specced and varies between implementations, which causes a lot of edge cases.
You're much better off just converting the object to a JSON string:
queryString.stringify({
foo: 'bar',
nested: JSON.stringify({
unicorn: 'cake'
})
});
// foo=bar&nested=%7B%22unicorn%22%3A%22cake%22%7D
MIT © Sindre Sorhus
FAQs
Parse and stringify URL query strings
We found that query-string demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.