Sign inDemoInstall


Package Overview
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies



An RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/validating/resolving library for JavaScript.

Version published
Weekly downloads
increased by4.8%

Weekly downloads

Package description

What is uri-js?

The uri-js package is a utility for working with URIs (Uniform Resource Identifiers) in JavaScript. It provides functions for parsing, serializing, normalizing, and resolving URIs, as well as working with individual URI components.

What are uri-js's main functionalities?

Parsing URIs

This feature allows you to parse a URI string into its components, such as scheme, authority, path, query, and fragment.

const URI = require('uri-js');
const parsedURI = URI.parse('');

Serializing URIs

This feature allows you to build a URI string from its individual components.

const URI = require('uri-js');
const components = {
  scheme: 'https',
  userinfo: 'user:pass',
  host: '',
  port: 8080,
  path: '/path',
  query: 'query=string',
  fragment: 'fragment'
const serializedURI = URI.serialize(components);

Normalizing URIs

This feature allows you to normalize a URI by converting it to its canonical form, which is useful for URI comparison.

const URI = require('uri-js');
const normalizedURI = URI.normalize('HTTP://EXAMPLE.COM:80/a/../b/./c%2f?%61');

Resolving URIs

This feature allows you to resolve a relative URI against a base URI, resulting in an absolute URI.

const URI = require('uri-js');
const baseURI = '';
const relativeURI = '../other';
const resolvedURI = URI.resolve(baseURI, relativeURI);

Other packages similar to uri-js




URI.js is an RFC 3986 compliant, scheme extendable URI parsing/validating/resolving library for all JavaScript environments (browsers, Node.js, etc). It is also compliant with the IRI (RFC 3987), IDNA (RFC 5890), IPv6 Address (RFC 5952), IPv6 Zone Identifier (RFC 6874) specifications.

URI.js has an extensive test suite, and works in all (Node.js, web) environments. It weighs in at 6.4kb (gzipped, 17kb deflated).



//  scheme : "uri",
//  userinfo : "user:pass",
//  host : "",
//  port : 123,
//  path : "/one/two.three",
//  query : "q1=a1&q2=a2",
//  fragment : "body"


URI.serialize({scheme : "http", host : "", fragment : "footer"}) === ""


URI.resolve("uri://a/b/c/d?q", "../../g") === "uri://a/g"


URI.normalize("HTTP://") === ""


URI.equal("example://a/b/c/%7Bfoo%7D", "eXAMPLE://a/./b/../b/%63/%7bfoo%7d") === true

IP Support

//IPv4 normalization
URI.normalize("//") === "//"

//IPv6 normalization
URI.normalize("//[2001:0:0DB8::0:0001]") === "//[2001:0:db8::1]"

//IPv6 zone identifier support
//  host : "2001:db8::7%en1"

IRI Support

//convert IRI to URI
URI.serialize(URI.parse("http://examplé.org/rosé")) === ""
//convert URI to IRI
URI.serialize(URI.parse(""), {iri:true}) === "http://examplé.org/rosé"


All of the above functions can accept an additional options argument that is an object that can contain one or more of the following properties:

  • scheme (string)

    Indicates the scheme that the URI should be treated as, overriding the URI's normal scheme parsing behavior.

  • reference (string)

    If set to "suffix", it indicates that the URI is in the suffix format, and the validator will use the option's scheme property to determine the URI's scheme.

  • tolerant (boolean, false)

    If set to true, the parser will relax URI resolving rules.

  • absolutePath (boolean, false)

    If set to true, the serializer will not resolve a relative path component.

  • iri (boolean, false)

    If set to true, the serializer will unescape non-ASCII characters as per RFC 3987.

  • unicodeSupport (boolean, false)

    If set to true, the parser will unescape non-ASCII characters in the parsed output as per RFC 3987.

  • domainHost (boolean, false)

    If set to true, the library will treat the host component as a domain name, and convert IDNs (International Domain Names) as per RFC 5891.

Scheme Extendable

URI.js supports inserting custom scheme dependent processing rules. Currently, URI.js has built in support for the following schemes:


URI.equal("HTTP://ABC.COM:80", "") === true
URI.equal("", "HTTPS://ABC.COM:443/") === true

WS/WSS Support

//	scheme : "wss",
//	host: "",
//	resourceName: "/foo?bar=baz",
//	secure: true,

URI.equal("WS://ABC.COM:80/chat#one", "ws://") === true

Mailto Support

//	scheme : "mailto",
//	to : ["", ""],
//	subject : "SUBSCRIBE",
//	body : "Sign me up!"

	scheme : "mailto",
	to : [""],
	subject : "REMOVE",
	body : "Please remove me",
	headers : {
		cc : ""
}) === ""

URN Support

//	scheme : "urn",
//	nid : "example",
//	nss : "foo",
URN UUID Support
//	scheme : "urn",
//	nid : "uuid",
//	uuid : "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",


To load in a browser, use the following tag:

<script type="text/javascript" src="uri-js/dist/es5/uri.all.min.js"></script>

To load in a CommonJS/Module environment, first install with npm/yarn by running on the command line:

npm install uri-js
# OR
yarn add uri-js

Then, in your code, load it using:

const URI = require("uri-js");

If you are writing your code in ES6+ (ESNEXT) or TypeScript, you would load it using:

import * as URI from "uri-js";

Or you can load just what you need using named exports:

import { parse, serialize, resolve, resolveComponents, normalize, equal, removeDotSegments, pctEncChar, pctDecChars, escapeComponent, unescapeComponent } from "uri-js";

Breaking changes

Breaking changes from 3.x

URN parsing has been completely changed to better align with the specification. Scheme is now always urn, but has two new properties: nid which contains the Namspace Identifier, and nss which contains the Namespace Specific String. The nss property will be removed by higher order scheme handlers, such as the UUID URN scheme handler.

The UUID of a URN can now be found in the uuid property.

Breaking changes from 2.x

URI validation has been removed as it was slow, exposed a vulnerabilty, and was generally not useful.

Breaking changes from 1.x

The errors array on parsed components is now an error string.



Last updated on 10 Jan 2021

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.


Related posts

SocketSocket SOC 2 Logo


  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc