Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Ethereum smart contracts.
The urijs (also known as URI.js) package is a versatile library for working with URLs. It provides utilities for parsing, manipulating, and building URIs in a fluent API style. This makes it easier to handle various components of URIs such as protocol, hostname, path, query, and fragment.
Parsing URIs
This feature allows for parsing URIs and accessing their different components like protocol, hostname, etc. The example demonstrates how to parse a URI and retrieve the protocol component.
const URI = require('urijs');
const uri = URI('http://example.com/foo?bar=baz');
console.log(uri.protocol()); // 'http'
Manipulating URIs
This feature enables modification of various URI components. The example shows how to change the path segment of a URI.
const URI = require('urijs');
const uri = URI('http://example.com/foo');
const newUri = uri.segment(0, 'bar').toString(); // replace the first path segment; segment('bar') alone would append
console.log(newUri); // 'http://example.com/bar'
Building URIs
This feature is useful for constructing URIs from scratch by chaining methods to set different URI components. The example constructs a complete URI from individual components.
const URI = require('urijs');
const uri = URI().protocol('http').hostname('example.com').path('/foo').query({ bar: 'baz' }).toString();
console.log(uri); // 'http://example.com/foo?bar=baz'
url-parse is another npm package that offers similar functionalities for parsing and manipulating URLs. It provides a more straightforward API for parsing URLs and can handle relative URLs better than urijs. However, urijs offers more fluent and versatile URI manipulation capabilities.
While primarily focused on parsing and stringifying query strings, qs can be used in conjunction with other URL manipulation libraries to provide functionality similar to urijs. It does not handle full URI components but is very efficient for query string operations compared to urijs's broader URL handling features.
IMPORTANT: You may not need URI.js anymore! Modern browsers provide the URL and URLSearchParams interfaces.
NOTE: The npm package name changed to urijs
I always want to shoot myself in the head when looking at code like the following:
var url = "http://example.org/foo?bar=baz";
var separator = url.indexOf('?') > -1 ? '&' : '?';
url += separator + encodeURIComponent("foo") + "=" + encodeURIComponent("bar");
Things are looking up with URL and the URL spec but until we can safely rely on that API, have a look at URI.js for a clean and simple API for mutating URIs:
var url = new URI("http://example.org/foo?bar=baz");
url.addQuery("foo", "bar");
URI.js is here to help with that.
// mutating URLs
URI("http://example.org/foo.html?hello=world")
.username("rodneyrehm")
// -> http://rodneyrehm@example.org/foo.html?hello=world
.username("")
// -> http://example.org/foo.html?hello=world
.directory("bar")
// -> http://example.org/bar/foo.html?hello=world
.suffix("xml")
// -> http://example.org/bar/foo.xml?hello=world
.query("")
// -> http://example.org/bar/foo.xml
.tld("com")
// -> http://example.com/bar/foo.xml
.query({ foo: "bar", hello: ["world", "mars"] });
// -> http://example.com/bar/foo.xml?foo=bar&hello=world&hello=mars
// cleaning things up
URI("?&foo=bar&&foo=bar&foo=baz&")
.normalizeQuery();
// -> ?foo=bar&foo=baz
// working with relative paths
URI("/foo/bar/baz.html")
.relativeTo("/foo/bar/world.html");
// -> ./baz.html
URI("/foo/bar/baz.html")
.relativeTo("/foo/bar/sub/world.html")
// -> ../baz.html
.absoluteTo("/foo/bar/sub/world.html");
// -> /foo/bar/baz.html
// URI Templates
URI.expand("/foo/{dir}/{file}", {
dir: "bar",
file: "world.html"
});
// -> /foo/bar/world.html
See the About Page and API Docs for more stuff.
URI.js (without plugins) has a gzipped weight of about 7KB - if you include all extensions you end up at about 13KB. So unless you need second level domain support and use URI templates, we suggest you don't include them in your build. If you don't need a full featured URI mangler, it may be worth looking into the much smaller parser-only alternatives listed below.
URI.js is available through npm, bower, bowercdn, cdnjs and manually from the build page:
# using bower
bower install uri.js
# using npm
npm install urijs
I guess you'll manage to use the build tool or follow the instructions below to combine and minify the various files into URI.min.js - and I'm fairly certain you know how to <script src=".../URI.min.js"></script> that sucker, too.
Install with npm install urijs or add "urijs" to the dependencies in your package.json.
// load URI.js
var URI = require('urijs');
// load an optional module (e.g. URITemplate)
var URITemplate = require('urijs/src/URITemplate');
URI("/foo/bar/baz.html")
.relativeTo("/foo/bar/sub/world.html")
// -> ../baz.html
Clone the URI.js repository or use a package manager to get URI.js into your project.
require.config({
paths: {
urijs: 'where-you-put-uri.js/src'
}
});
require(['urijs/URI'], function(URI) {
console.log("URI.js and dependencies: ", URI("//amazon.co.uk").is('sld') ? 'loaded' : 'failed');
});
require(['urijs/URITemplate'], function(URITemplate) {
console.log("URITemplate.js and dependencies: ", URITemplate._cache ? 'loaded' : 'failed');
});
See the build tool or use Google Closure Compiler:
// ==ClosureCompiler==
// @compilation_level SIMPLE_OPTIMIZATIONS
// @output_file_name URI.min.js
// @code_url http://medialize.github.io/URI.js/src/IPv6.js
// @code_url http://medialize.github.io/URI.js/src/punycode.js
// @code_url http://medialize.github.io/URI.js/src/SecondLevelDomains.js
// @code_url http://medialize.github.io/URI.js/src/URI.js
// @code_url http://medialize.github.io/URI.js/src/URITemplate.js
// ==/ClosureCompiler==
Documents specifying how URLs work:
mailto: URL Scheme
Informal stuff
How other environments do things
window.URL constructor for Node
If you don't like URI.js, you may like one of the following libraries. (If yours is not listed, drop me a line…)
URI.js is published under the MIT license. Until version 1.13.2 URI.js was also published under the GPL v3 license - but as this dual-licensing causes more questions than helps anyone, it was dropped with version 1.14.0.
moved to Changelog
1.19.11 (April 3rd 2022)
URI.parse() handle excessive slashes in scheme-relative URLs - disclosed by zeyu2001 via https://huntr.dev/
URI.parse() remove \r (CR), \n (LF), \t (TAB) - disclosed by haxatron via https://huntr.dev/
FAQs
URI.js is a Javascript library for working with URLs.
The npm package urijs receives a total of 1,978,710 weekly downloads. As such, the popularity of urijs was classified as popular.
We found that urijs demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
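The two URI.parse() entries in the 1.19.11 changelog concern inputs that a URL parser can read differently from a string check: extra slashes in scheme-relative URLs and embedded CR, LF or TAB. The following is an added example, not URI.js code or the project's own; it validates a redirect target with the built-in WHATWG URL interface instead of a string-prefix test, and APP_ORIGIN, the function names and the sample targets are constructed for illustration.

```javascript
// Added example, not part of URI.js. APP_ORIGIN and all sample targets are constructed.
const APP_ORIGIN = 'https://app.example';

// Naive check: "one leading slash means a local path".
function naiveIsLocal(target) {
  return target.startsWith('/') && !target.startsWith('//');
}

// Parser-based check: resolve the target against our origin the way a
// WHATWG URL parser does (it drops TAB/CR/LF and skips extra slashes
// before the authority), then compare the resulting origin.
function isSameOriginRedirect(target, appOrigin = APP_ORIGIN) {
  if (typeof target !== 'string') return false;
  try {
    return new URL(target, appOrigin).origin === new URL(appOrigin).origin;
  } catch {
    return false; // unparseable input is rejected
  }
}

const SAMPLES = [
  '/account/settings',
  '//other.example/login',
  '///other.example/login',
  '/\t/other.example/login',
  '/\r\n/other.example/login',
  'https:///other.example/login',
];

// One row per target: what the prefix test says, what the parser says,
// and which host the target actually resolves to.
function classify(targets) {
  return targets.map((t) => ({
    target: JSON.stringify(t),
    naive: naiveIsLocal(t),
    parsed: isSameOriginRedirect(t),
    resolvedHost: new URL(t, APP_ORIGIN).host,
  }));
}

console.table(classify(SAMPLES));
```

The TAB and CR/LF rows pass the prefix test yet resolve to another host, which is why the comparison is made on the parsed origin.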