Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
The url-join npm package is a utility for joining and normalizing URLs. It is particularly useful when constructing URLs dynamically, ensuring that the resulting URL is correctly formatted without duplicated slashes or missing segments. This package can handle various scenarios, including joining multiple parts of a URL, handling query strings, and ensuring the correct inclusion of protocols.
Joining URL segments
This feature allows for the concatenation of multiple segments into a single, well-formed URL. It automatically handles the insertion or removal of slashes as needed between segments.
const urlJoin = require('url-join');
const fullUrl = urlJoin('http://example.com', 'a', '/b/cd', '?foo=123');
console.log(fullUrl); // Outputs: http://example.com/a/b/cd?foo=123
Handling trailing slashes
This feature ensures that trailing slashes are correctly handled, either preserving them or removing them based on the input segments, thus maintaining the intended URL structure.
const urlJoin = require('url-join');
const fullUrl = urlJoin('http://example.com/', '/a/b/', '/');
console.log(fullUrl); // Outputs: http://example.com/a/b/
Combining URL with query parameters
This feature demonstrates how url-join can be used to append query parameters to a base URL, ensuring that the '?' character is correctly placed and that the overall URL remains well-formed.
const urlJoin = require('url-join');
const fullUrl = urlJoin('http://example.com', 'search', '?q=url+join');
console.log(fullUrl); // Outputs: http://example.com/search?q=url+join
While primarily focused on converting paths to regex, path-to-regexp can be used to construct URLs in a more controlled manner. It differs from url-join by offering more complex pattern matching and parameter handling, making it more suitable for routing purposes rather than simple URL concatenation.
URI.js is a more comprehensive URL manipulation library that offers functionality similar to url-join but extends far beyond it. It includes parsing, manipulation, and normalization of URLs, query string manipulation, and much more. Compared to url-join, URI.js is better suited for applications requiring extensive URL manipulation capabilities.
Join all arguments together and normalize the resulting URL.
npm install url-join
var urljoin = require('url-join');
var fullUrl = urljoin('http://www.google.com', 'a', '/b/cd', '?foo=123');
console.log(fullUrl);
Prints:
'http://www.google.com/a/b/cd?foo=123'
It also works in the browser. You can either include lib/url-join.js in your page:
<script src="url-join.js"></script>
<script type="text/javascript">
urljoin('http://blabla.com', 'foo?a=1')
</script>
Or use an AMD module system like requirejs:
define(['path/url-join.js'], function (urljoin) {
  urljoin('http://blabla.com', 'foo?a=1');
});
MIT
FAQs
Join URLs and normalize as in path.join.
The npm package url-join receives a total of 5,727,340 weekly downloads. As such, url-join's popularity is classified as popular.
We found that url-join demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.