query-string
The query-string npm package is used for parsing and stringifying URL query strings. It provides a simple API for dealing with query strings in a way that is both convenient and cross-browser compatible.
Parsing query strings
This feature allows you to parse a query string into an object. It automatically handles various edge cases and decoding of parameters.
const queryString = require('query-string');
const parsed = queryString.parse('?foo=bar');
console.log(parsed); //=> {foo: 'bar'}
Stringifying objects
This feature enables you to take an object and convert it into a URL query string. It ensures that keys and values are properly encoded.
const queryString = require('query-string');
const stringified = queryString.stringify({foo: 'bar'});
console.log(stringified); //=> 'foo=bar'
Extracting query strings
This function extracts the query string from a URL.
const queryString = require('query-string');
const extracted = queryString.extract('http://example.com/?foo=bar');
console.log(extracted); //=> 'foo=bar'
Parsing arrays and objects
The package can parse query strings with array and object syntax, turning them into the corresponding JavaScript structures.
const queryString = require('query-string');
const parsed = queryString.parse('?foo[]=bar&foo[]=baz', {arrayFormat: 'bracket'});
console.log(parsed); //=> {foo: ['bar', 'baz']}
The 'qs' package is a query string parser with nesting support. It is more feature-rich than query-string, allowing for complex structures like nested objects and arrays. However, it might be overkill for simple use cases.
This is a polyfill for the URLSearchParams API which is built into modern browsers. It provides similar functionality to query-string but is designed to mimic the native browser API.
querystringify is a small and simple query string parser and stringifier. It is focused on speed and simplicity, and while it has fewer features than query-string, it may be faster in some cases.
Parse and stringify URL query strings
$ npm install --save query-string
const queryString = require('query-string');
console.log(location.search);
//=> '?foo=bar'
const parsed = queryString.parse(location.search);
console.log(parsed);
//=> {foo: 'bar'}
console.log(location.hash);
//=> '#token=bada55cafe'
const parsedHash = queryString.parse(location.hash);
console.log(parsedHash);
//=> {token: 'bada55cafe'}
parsed.foo = 'unicorn';
parsed.ilike = 'pizza';
const stringified = queryString.stringify(parsed);
//=> 'foo=unicorn&ilike=pizza'
location.search = stringified;
// note that `location.search` automatically prepends a question mark
console.log(location.search);
//=> '?foo=unicorn&ilike=pizza'
Parse a query string into an object. Leading ? or # are ignored, so you can pass location.search or location.hash directly.
The returned object is created with Object.create(null) and thus does not have a prototype.
Type: string
Default: 'none'
Supports index for an indexed array representation or bracket for a bracketed array representation.
bracket: correctly parses arrays with bracket representation in the query string, such as:
queryString.parse('foo[]=1&foo[]=2&foo[]=3', {arrayFormat: 'bracket'});
//=> foo: [1,2,3]
index: parses arrays taking the index into account, such as:
queryString.parse('foo[0]=1&foo[1]=2&foo[3]=3', {arrayFormat: 'index'});
//=> foo: [1,2,3]
none: is the default option and removes any bracket representation, such as:
queryString.parse('foo=1&foo=2&foo=3');
//=> foo: [1,2,3]
Stringify an object into a query string, sorting the keys.
Type: boolean
Default: true
Strictly encode URI components with strict-uri-encode. It uses encodeURIComponent if set to false. You probably don't care about this option.
Type: boolean
Default: true
URL encode the keys and values.
Type: string
Default: 'none'
Supports index for an indexed array representation or bracket for a bracketed array representation.
bracket: stringifies arrays with bracket representation in the query string, such as:
queryString.stringify({foo: [1,2,3]}, {arrayFormat: 'bracket'});
// => foo[]=1&foo[]=2&foo[]=3
index: stringifies arrays taking the index into account, such as:
queryString.stringify({foo: [1,2,3]}, {arrayFormat: 'index'});
// => foo[0]=1&foo[1]=2&foo[2]=3
none: is the default option and removes any bracket representation, such as:
queryString.stringify({foo: [1,2,3]});
// => foo=1&foo=2&foo=3
Extract a query string from a URL that can be passed into .parse().
This module intentionally doesn't support nesting as it's not spec'd and varies between implementations, which causes a lot of edge cases.
You're much better off just converting the object to a JSON string:
queryString.stringify({
foo: 'bar',
nested: JSON.stringify({
unicorn: 'cake'
})
});
//=> 'foo=bar&nested=%7B%22unicorn%22%3A%22cake%22%7D'
However, there is support for multiple instances of the same key:
queryString.parse('likes=cake&name=bob&likes=icecream');
//=> {likes: ['cake', 'icecream'], name: 'bob'}
queryString.stringify({color: ['taupe', 'chartreuse'], id: '515'});
//=> 'color=chartreuse&color=taupe&id=515'
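Two behaviours described above matter when the query string is untrusted: the result object has no prototype, and a repeated key turns a string value into an array. The following is an added example, not code from query-string or from this page; parseQuery, hasKey, singleValue and the sample input are hypothetical and only mirror the documented behaviour.

```javascript
// Added example, not query-string's source. parseQuery() is a hypothetical
// stand-in that mirrors two documented behaviours: the result is stored in the
// object the caller supplies, and repeated keys collapse into an array.
function parseQuery(input, target) {
  for (const pair of input.replace(/^[?#]/, '').split('&')) {
    if (!pair) continue;
    const [rawKey, ...rest] = pair.split('=');
    const key = decodeURIComponent(rawKey);
    const value = rest.length ? decodeURIComponent(rest.join('=')) : null;
    // `in` also sees inherited members, which is what goes wrong with `{}`.
    target[key] = key in target ? [].concat(target[key], value) : value;
  }
  return target;
}

// Constructed sample input: a key that shadows an Object.prototype member,
// plus a duplicated parameter.
const SAMPLE = '?toString=x&id=515&id=516';

// Plain object: the inherited function is merged into the "parsed" data.
function parseIntoPlainObject() {
  return parseQuery(SAMPLE, {});
}

// Null-prototype object, as the README describes: keys are only ever data.
function parseIntoNullPrototype() {
  return parseQuery(SAMPLE, Object.create(null));
}

// A null-prototype object has no .hasOwnProperty(), so borrow it explicitly.
function hasKey(parsed, key) {
  return Object.prototype.hasOwnProperty.call(parsed, key);
}

// Repeated keys yield an array, a single key yields a string. Code that
// expects one value should reject the array instead of coercing it.
function singleValue(parsed, key) {
  const value = hasKey(parsed, key) ? parsed[key] : undefined;
  if (Array.isArray(value)) {
    throw new TypeError(`parameter "${key}" was supplied more than once`);
  }
  return value;
}
```

Calling parsed.hasOwnProperty(...) directly on the null-prototype result throws a TypeError, which is why hasKey borrows the method from Object.prototype.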
Sometimes you want to unset a key, or maybe just make it present without assigning a value to it. Here is how falsy values are stringified:
queryString.stringify({foo: false});
//=> 'foo=false'
queryString.stringify({foo: null});
//=> 'foo'
queryString.stringify({foo: undefined});
//=> ''
MIT © Sindre Sorhus
FAQs
Parse and stringify URL query strings
The npm package query-string receives a total of 9,939,932 weekly downloads. As such, query-string popularity was classified as popular.
We found that query-string demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.