Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Package description
The tr46 npm package is a JavaScript implementation of the TR46 algorithm, which is used for processing internationalized domain names (IDNs) and internationalized email addresses. It provides functionality to convert Unicode strings to ASCII strings that conform to the IDNA (Internationalized Domain Names in Applications) standards, and vice versa. This is useful for applications that need to handle domain names containing non-ASCII characters.
toASCII
Converts a Unicode domain name to an ASCII Compatible Encoding (ACE), following the IDNA standards. This is useful for domain name resolution in environments that only support ASCII.
const tr46 = require('tr46');
const result = tr46.toASCII('täst.com');
console.log(result); // 'xn--tst-qla.com'
toUnicode
Converts an ASCII Compatible Encoding (ACE) domain name back to its Unicode form. This is useful for displaying domain names to users in their native script.
const tr46 = require('tr46');
const result = tr46.toUnicode('xn--tst-qla.com');
console.log(result); // 'täst.com'
processing options
Provides additional processing options for toASCII and toUnicode functions, such as checking for proper use of hyphens, bidirectional characters, and joiners, as well as using STD3 ASCII rules and choosing between transitional or non-transitional processing.
const tr46 = require('tr46');
const result = tr46.toASCII('täst.com', {checkHyphens: true, checkBidi: true, checkJoiners: true, useSTD3ASCIIRules: true, processingOption: 'TRANSITIONAL'});
console.log(result); // 'xn--tst-qla.com'
Punycode.js is a robust Punycode converter that fully complies with RFC 3492 and RFC 5891, and works on nearly all JavaScript platforms. This package is used to convert Unicode strings to Punycode and vice versa, similar to tr46's toASCII and toUnicode functions. However, tr46 provides additional processing options and is designed to comply with the TR46 algorithm.
The idna-uts46 package is a small library that converts a Unicode string to an ASCII string as per the IDNA2008 (UTS #46) standard. It is similar to tr46 in that it handles internationalized domain names, but it may have different API options and compliance specifics.
Readme
An JavaScript implementation of Unicode Technical Standard #46: Unicode IDNA Compatibility Processing.
Node.js ≥ 12 is required. To install, type this at the command line:
npm install tr46
# or
yarn add tr46
toASCII(domainName[, options])
Converts a string of Unicode symbols to a case-folded Punycode string of ASCII symbols.
Available options:
toUnicode(domainName[, options])
Converts a case-folded Punycode string of ASCII symbols to a string of Unicode symbols.
Available options:
checkBidi
Type: boolean
Default value: false
When set to true
, any bi-directional text within the input will be checked for validation.
checkHyphens
Type: boolean
Default value: false
When set to true
, the positions of any hyphen characters within the input will be checked for validation.
checkJoiners
Type: boolean
Default value: false
When set to true
, any word joiner characters within the input will be checked for validation.
processingOption
Type: string
Default value: "nontransitional"
When set to "transitional"
, symbols within the input will be validated according to the older IDNA2003 protocol. When set to "nontransitional"
, the current IDNA2008 protocol will be used.
useSTD3ASCIIRules
Type: boolean
Default value: false
When set to true
, input will be validated according to STD3 Rules.
verifyDNSLength
Type: boolean
Default value: false
When set to true
, the length of each DNS label within the input will be checked for validation.
FAQs
An implementation of the Unicode UTS #46: Unicode IDNA Compatibility Processing
The npm package tr46 receives a total of 51,021,322 weekly downloads. As such, tr46 popularity was classified as popular.
We found that tr46 demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
Research
Security News
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
Security News
OpenJS is warning of social engineering takeovers targeting open source projects after receiving a credible attempt on the foundation.