The urlgrey npm package is a utility for parsing, manipulating, and formatting URLs. It provides a fluent API for working with URLs, making it easy to construct, deconstruct, and modify URL components.
Parsing URLs
This feature allows you to parse a URL string into an object that you can manipulate. The `urlgrey` function takes a URL string and returns an object representing the URL.
```javascript
const urlgrey = require('urlgrey');
const url = urlgrey('http://example.com/path?query=1#hash');
console.log(url.toString());
```
Modifying URL Components
This feature allows you to modify different components of the URL such as the path, query string, and hash. The methods `path`, `query`, and `hash` are used to set new values for these components.
```javascript
const urlgrey = require('urlgrey');
const url = urlgrey('http://example.com/path?query=1#hash');
const newUrl = url.path('/newpath').query('newquery=2').hash('newhash');
console.log(newUrl.toString());
```
Building URLs
This feature allows you to build a URL from scratch by setting various components like protocol, host, path, query, and hash. The fluent API makes it easy to chain these methods together.
```javascript
const urlgrey = require('urlgrey');
const url = urlgrey().protocol('https').host('example.com').path('/newpath').query('newquery=2').hash('newhash');
console.log(url.toString());
```
The 'url' package is a core Node.js module for URL resolution and parsing. It provides basic utilities for URL parsing and formatting but lacks the fluent API provided by urlgrey.
The 'url-parse' package is a more feature-rich alternative to the core 'url' module. It provides similar functionality to urlgrey, including parsing and manipulating URLs, but with a different API design.
The 'query-string' package focuses on parsing and stringifying URL query strings. While it doesn't handle the entire URL, it can be used in conjunction with other packages to manage query parameters effectively.
Urlgrey is a library for url manipulation. It's got a chainable/fluent interface that makes a number of methods available for querying different aspects of a url, and even modifying it to create new urls.
Most methods are named after different parts of the url and allow you to read that part from the current url if you don't pass any parameters, or they allow you to generate a new url with a change to that part in the current url if you do pass a parameter.
For the examples below, we'll use the following url:
https://user:pass@subdomain.asdf.com/path/kid?asdf=1234#frag
To create a new urlgrey object, just pass a url to urlgrey like so:
```javascript
var url = urlgrey("https://user:pass@subdomain.asdf.com/path/kid?asdf=1234#frag")
```
Setter/getter for the last part of a path:
```javascript
url.child(); // returns "kid"
url.child("grandkid"); // returns a new uri object with the uri
// https://user:pass@subdomain.asdf.com/path/kid/grandkid?asdf=1234#frag
```
Returns the decoded version of the input string using node's standard querystring.unescape().
```javascript
url.decode('this%20is%20a%20test'); // returns "this is a test"
```
Returns the encoded version of the input string using node's standard querystring.escape().
```javascript
url.encode('this is a test'); // returns 'this%20is%20a%20test'
```
Setter/getter for the url fragment/anchor/hash of a path.
```javascript
url.hash(); // returns 'frag'
url.hash("blah"); // returns a new uri object with the uri
// https://user:pass@subdomain.asdf.com/path/kid/?asdf=1234#blah
```
Setter/getter for the url hostname.
```javascript
url.hostname(); // returns 'subdomain.asdf.com'
url.hostname("geocities.com"); // returns a new uri object with the uri
// https://user:pass@geocities.com/path/kid/?asdf=1234#frag
```
Get the parent URI of the current URI. (This property is read-only).
```javascript
url.parent(); // returns a new uri object with the uri
// https://user:pass@subdomain.asdf.com/path/
```
Setter/getter for the password portion of the url.
```javascript
url.password(); // returns 'pass'
url.password("newpass"); // returns a new uri object with the uri
// https://user:newpass@subdomain.asdf.com/path/kid/?asdf=1234#frag
```
Setter/getter for the path, querystring and fragment portion of the url all at once.
```javascript
url.extendedPath(); // returns '/path/kid?asdf=1234#frag'
url.extendedPath("/newpath?new=query#newfrag"); // returns a new uri object with the uri
// https://user:newpass@subdomain.asdf.com/newpath?new=query#newfrag
```
Setter/getter for the path portion of the url.
```javascript
url.path(); // returns '/path/kid'
url.path("newpath"); // returns a new uri object with the uri
// https://user:newpass@subdomain.asdf.com/newpath
// ALSO, .path() can take arrays of strings as input as well:
url.path(['qwer', '/asdf'], 'qwer/1234/', '/1234/');
// this returns a new uri object with the uri
// https://user:newpass@subdomain.asdf.com/qwer/asdf/qwer/1234/1234
```
Note: changing the path will remove the querystring and hash, since they rarely make sense on a new path.
Setter/getter for the port portion of the url.
```javascript
url.port(); // returns 80
url.port(8080); // returns a new uri object with the uri
// https://user:pass@subdomain.asdf.com:8080/path/kid/?asdf=1234#frag
```
Setter/getter for the protocol portion of the url.
```javascript
url.protocol(); // returns 'https'
url.protocol("http"); // returns a new uri object with the uri
// http://user:pass@subdomain.asdf.com/path/kid/?asdf=1234#frag
```
Setter/getter for the querystring using javascript objects.
```javascript
url.query(); // returns {asdf : 1234}
url.query(false); // returns a new uri object with the querystring-free uri
// https://user:pass@subdomain.asdf.com/path/kid#frag
url.query({spaced : 'space test'})
// returns a new uri object with the input object serialized
// and merged into the querystring like so:
// https://user:pass@subdomain.asdf.com/path/kid/?asdf=1234&spaced=space%20test#frag
```
NOTE: escaping and unescaping of applicable characters happens automatically (e.g. " " to "%20", and vice versa).
NOTE: an input object will overwrite an existing querystring where they have the same names.
NOTE: an input object will remove an existing name-value pair where they have the same names and the value in the input name-value pair is null.
Setter/getter for the querystring using a plain string representation. This is lower-level than .query(), but allows complete control of the querystring.
```javascript
url.queryString(); // returns asdf=1234 (notice there is no leading '?')
url.queryString("blah"); // returns a new uri object with a new querystring
// https://user:pass@subdomain.asdf.com/path/kid?blah#frag
```
NOTE: no escaping/unescaping of applicable characters will occur. This must be done manually.
This method is the same as url.child() but does not automatically url-encode any part of the input.
This method is the same as url.path() but does not automatically url-encode any part of the path.
This method is the same as url.query() but does not automatically url-encode any of the keys or values in an input object.
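Why the "no escaping" notes on the plain-string querystring setter and the non-encoding child/path/query variants matter when a value comes from outside, shown as an added example (not from the urlgrey README). It uses only Node.js built-ins rather than urlgrey itself; the helper names and the untrusted inputs are constructed for illustration.

```javascript
// Added example: Node.js built-ins only (WHATWG URL); it does not call urlgrey.
// Helper names and inputs are hypothetical, constructed for illustration.
const BASE = 'https://subdomain.asdf.com/path/kid';

// Raw query: the value is spliced in untouched, as a no-escaping setter leaves it.
function setRawQuery(base, name, value) {
  return `${base}?${name}=${value}`;
}

// Encoded query: name and value are percent-encoded before joining.
function setEncodedQuery(base, name, value) {
  return `${base}?${encodeURIComponent(name)}=${encodeURIComponent(value)}`;
}

// Raw child: the segment is appended to the path as-is.
function appendRawSegment(base, segment) {
  return `${base}/${segment}`;
}

// Encoded child: the segment is percent-encoded so it stays one path segment.
function appendEncodedSegment(base, segment) {
  return `${base}/${encodeURIComponent(segment)}`;
}

// What a receiver sees after parsing: path, query pairs and fragment.
function parsed(urlString) {
  const u = new URL(urlString);
  return { path: u.pathname, params: [...u.searchParams.entries()], hash: u.hash };
}

// Constructed untrusted inputs that carry URL delimiters.
const value = 'alice&role=admin#x';
const segment = '../admin';

// Raw: an extra role=admin parameter and a fragment appear.
console.log(parsed(setRawQuery(BASE, 'user', value)));
// Encoded: one parameter whose value is the whole input.
console.log(parsed(setEncodedQuery(BASE, 'user', value)));
// Raw: the parser collapses the path to /path/admin.
console.log(parsed(appendRawSegment(BASE, segment)));
// Encoded: the path stays under /path/kid/.
console.log(parsed(appendEncodedSegment(BASE, segment)));
```

Use the raw variants only with strings your own code produced; anything user-controlled should go through the encoding setters or be encoded first.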
Returns the json representation of the uri object, which is simply the uri as a string. The output is exactly the same as .toString(). This method is read-only.
```javascript
url.toJson(); // returns "https://user:pass@subdomain.asdf.com/path/kid/?asdf=1234#frag"
```
Returns the string representation of the uri object, which is simply the uri as a string. This method is read-only.
```javascript
url.toString(); // returns "https://user:pass@subdomain.asdf.com/path/kid/?asdf=1234#frag"
```
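Because the string and JSON forms include the `user:pass` portion, a URL like the one above should be redacted before it reaches logs or error reports. The following is an added example, not part of urlgrey or its README; it uses Node.js's built-in WHATWG `URL`, and `redactUrl` and `SENSITIVE_PARAMS` are hypothetical names with an assumed parameter list.

```javascript
// Added example: Node.js built-in WHATWG URL only; not urlgrey code.
// SENSITIVE_PARAMS is an assumed list; adjust it to your application.
const SENSITIVE_PARAMS = ['token', 'password', 'api_key'];

// Return a copy of the URL that is safe to write to logs: the password and
// any sensitive query values are replaced, everything else is preserved.
function redactUrl(urlString) {
  let u;
  try {
    u = new URL(urlString);
  } catch (err) {
    // Never echo input that failed to parse; it may still hold a secret.
    return '[unparseable url]';
  }
  if (u.password) u.password = 'REDACTED';
  for (const name of SENSITIVE_PARAMS) {
    if (u.searchParams.has(name)) u.searchParams.set(name, 'REDACTED');
  }
  return u.toString();
}

// Constructed sample input: the example URL used throughout this page.
console.log(redactUrl('https://user:pass@subdomain.asdf.com/path/kid?asdf=1234#frag'));
```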
Setter/getter for the username portion of the url.
```javascript
url.username(); // returns 'user'
url.username("newuser"); // returns a new uri object with the
// uri https://newuser:pass@subdomain.asdf.com/path/kid/?asdf=1234#frag
```
```bash
npm install urlgrey --save
```
Also! If you're using urlgrey in an http application, see urlgrey-connect. It gives you a urlgrey object already instantiated with the request url as req.uri in all your request handlers.
```bash
make test
```
FAQs
urlgrey is a library for url querying and manipulation
The npm package urlgrey receives a total of 333,734 weekly downloads. As such, urlgrey's popularity was classified as popular.
We found that urlgrey demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.