Security News
NIST Misses 2024 Deadline to Clear NVD Backlog
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
The ufo npm package provides utilities for URL formatting and normalization. It helps in parsing, resolving, and normalizing URLs, as well as providing utilities for handling query parameters.
Parsing and normalizing URLs
This feature allows you to normalize URLs, which includes removing the default port for HTTP and HTTPS, decoding unnecessary percent-encoded characters, and removing duplicate slashes.
const { normalizeURL } = require('ufo');
const normalizedUrl = normalizeURL('http://example.com:80/path/');
Handling query parameters
This feature enables you to easily add query parameters to a URL, which can be useful for constructing URLs with dynamic query strings.
const { withQuery } = require('ufo');
const urlWithQuery = withQuery('http://example.com', { query: 'value' });
Joining URLs
This feature is used to concatenate URL parts safely, ensuring that there are no duplicate slashes and that the query string is properly appended.
const { joinURL } = require('ufo');
const fullUrl = joinURL('http://example.com', '/path', '?query=value');
The url-parse package offers similar URL parsing and manipulation functionalities. It provides a more detailed breakdown of the URL components and can be used in both Node.js and browser environments, whereas ufo is more focused on URL normalization and handling.
The qs package is used for parsing and stringifying query strings. It goes into more depth for handling nested objects within query strings compared to ufo's simpler query parameter utilities.
URI.js is a URL mutation library that offers comprehensive URL manipulation capabilities. It has a fluent API for building and altering URL components, which might be more intuitive for some developers compared to ufo's more functional approach.
Install using npm or yarn:
npm i ufo
# or
yarn add ufo
Import:
// CommonJS
const { normalizeURL, joinURL } = require('ufo')
// ESM
import { normalizeURL, joinURL } from 'ufo'
// Deno
import { parseURL } from 'https://unpkg.com/ufo/dist/index.mjs'
Notice: You may need to transpile package and add URL polyfill for legacy environments
normalizeURL
// Result: test?query=123%20123#hash,%20test
normalizeURL('test?query=123 123#hash, test')
// Result: http://localhost:3000/
normalizeURL('http://localhost:3000')
joinURL
// Result: a/b/c
joinURL('a', '/b', '/c')
resolveURL
// Result: http://foo.com/foo/bar/baz?test=123#token
resolveURL('http://foo.com/foo?test=123#token', 'bar', 'baz')
parseURL
// Result: { protocol: 'http:', auth: '', host: 'foo.com', pathname: '/foo', search: '?test=123', hash: '#token' }
parseURL('http://foo.com/foo?test=123#token')
// Result: { pathname: 'foo.com/foo', search: '?test=123', hash: '#token' }
parseURL('foo.com/foo?test=123#token')
// Result: { protocol: 'https:', auth: '', host: 'foo.com', pathname: '/foo', search: '?test=123', hash: '#token' }
parseURL('foo.com/foo?test=123#token', 'https://')
withQuery
// Result: /foo?page=a&token=secret
withQuery('/foo?page=a', { token: 'secret' })
getQuery
// Result: { test: '123', unicode: '好' }
getQuery('http://foo.com/foo?test=123&unicode=%E5%A5%BD')
$URL
Implementing URL interface with some improvements:
protocol
, host
, auth
, pathname
, query
, hash
)withTrailingSlash
Ensures url ends with a trailing slash
// Result: /foo/
withTrailingSlash('/foo')
// Result: /path/?query=true
withTrailingSlash('/path?query=true', true)
withoutTrailingSlash
Ensures url does not ends with a trailing slash
// Result: /foo
withoutTrailingSlash('/foo/')
// Result: /path?query=true
withoutTrailingSlash('/path/?query=true', true)
cleanDoubleSlashes
Ensures url does not have double slash (except for protocol)
// Result: /foo/bar/
cleanDoubleSlashes('//foo//bar//')
// Result: http://example.com/analyze/http://localhost:3000/
cleanDoubleSlashes('http://example.com/analyze//http://localhost:3000//')
isSamePath
Check two paths are equal or not. Trailing slash and encoding are normalized before comparation.
// Result: true
isSamePath('/foo', '/foo/')
isRelative
Check if a path starts with ./
or ../
.
// Result: true
isRelative('./foo')
withHttp
Ensures url protocol is http
// Result: http://example.com
withHttp('https://example.com')
withHttps
Ensures url protocol is https
// Result: https://example.com
withHttps('http://example.com')
withProtocol
Changes url protocol passed as second argument
// Result: ftp://example.com
withProtocol('http://example.com', 'ftp://')
withoutProtocol
Removes url protocol
// Result: example.com
withoutProtocol('http://example.com')
isEqual
Compare two URLs regardless of their slash condition or encoding:
// Result: true
isEqual('/foo', 'foo')
isEqual('foo/', 'foo')
isEqual('/foo bar', '/foo%20bar')
// Strict compare
// Result: false
isEqual('/foo', 'foo', { leadingSlash: true })
isEqual('foo/', 'foo', { trailingSlash: true })
isEqual('/foo bar', '/foo%20bar', { encoding: true })
Special thanks to Eduardo San Martin Morote (posva) for encoding utlities
FAQs
URL utils for humans
The npm package ufo receives a total of 7,857,376 weekly downloads. As such, ufo popularity was classified as popular.
We found that ufo demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
NIST has failed to meet its self-imposed deadline of clearing the NVD's backlog by the end of the fiscal year. Meanwhile, CVE's awaiting analysis have increased by 33% since June.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.