Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
valid-url
Advanced tools
- Version published
- Weekly downloads
- 2.3M
- increased by2.14%
- Maintainers
- 2
- Install size
- 17.6 kB
- Created
- Weekly downloads
Package description
What is valid-url?
The valid-url npm package provides utilities for URL validation and parsing. It allows developers to check if a given string is a valid URL and to parse URLs into their components.
What are valid-url's main functionalities?
URL Validation
This feature allows you to check if a string is a valid URL. The `isUri` method returns the URL if it's valid, otherwise undefined. It's useful for validating URLs before attempting to make HTTP requests or storing them in a database.
"use strict";\nconst validUrl = require('valid-url');\n\nif (validUrl.isUri('http://www.google.com')){\n console.log('Looks like an URI');\n} else {\n console.log('Not a URI');\n}"URL Parsing
While the primary focus of valid-url is validation, the returned valid URI string from `isUri` can be further parsed using other libraries or custom code to extract components like protocol, host, path, and query parameters. This example demonstrates basic usage for validation, hinting at further parsing possibilities.
"use strict";\nconst validUrl = require('valid-url');\n\nlet uri = validUrl.isUri('http://www.example.com/path?name=query');\nif (uri){\n console.log('URI is', uri);\n // Additional parsing logic here\n} else {\n console.log('Not a URI');\n}"Other packages similar to valid-url
validator
Validator is a library that offers a wide range of string validation and sanitization methods, including URL validation. Compared to valid-url, validator provides a broader set of functionalities beyond URLs, making it suitable for more comprehensive input validation needs.
url-regex
url-regex is a package specifically designed to provide regular expressions for URL validation. Unlike valid-url, which offers simple validation checks, url-regex allows for more customizable and potentially stricter URL validation based on regex patterns.
Readme
URI validation functions
Synopsis
Common url validation methods
var validUrl = require('valid-url');
if (validUrl.isUri(suspect)){
console.log('Looks like an URI');
} else {
console.log('Not a URI');
}
Replicates the functionality of Richard Sonnen sonnen@richardsonnen.com perl module : http://search.cpan.org/~sonnen/Data-Validate-URI-0.01/lib/Data/Validate/URI.pm full code here into a nodejs module. Translated practically line by line from perl. It passes all the original tests.
Description
(copied from original perl module)
This module collects common URI validation routines to make input validation, and untainting easier and more readable. All functions return an untainted value if the test passes, and undef if it fails. This means that you should always check for a defined status explicitly. Don't assume the return will be true. The value to test is always the first (and often only) argument. There are a number of other URI validation modules out there as well (see below.) This one focuses on being fast, lightweight, and relatively 'real-world'. i.e. it's good if you want to check user input, and don't need to parse out the URI/URL into chunks. Right now the module focuses on HTTP URIs, since they're arguably the most common. If you have a specialized scheme you'd like to have supported, let me know.
Installation
npm install valid-url
Methods
/*
* @Function isUri(value)
*
* @Synopsis is the value a well-formed uri?
* @Description
Returns the untainted URI if the test value appears to be well-formed. Note that
you may really want one of the more practical methods like is_http_uri or is_https_uri,
since the URI standard (RFC 3986) allows a lot of things you probably don't want.
* @Arguments
* value The potential URI to test.
*
* @Returns The untainted RFC 3986 URI on success, undefined on failure.
* @Notes
This function does not make any attempt to check whether the URI is accessible
or 'makes sense' in any meaningful way. It just checks that it is formatted
correctly.
*
*/
/*
* @Function isHttpUri(value)
* @Synopsis is the value a well-formed HTTP uri?
* @Description
Specialized version of isUri() that only likes http:// urls. As a result, it can
also do a much more thorough job validating. Also, unlike isUri() it is more
concerned with only allowing real-world URIs through. Things like relative
hostnames are allowed by the standards, but probably aren't wise. Conversely,
null paths aren't allowed per RFC 2616 (should be '/' instead), but are allowed
by this function.
This function only works for fully-qualified URIs. /bob.html won't work.
See RFC 3986 for the appropriate method to turn a relative URI into an absolute
one given its context.
Returns the untainted URI if the test value appears to be well-formed.
Note that you probably want to either call this in combo with is_https_uri(). i.e.
if(isHttpUri(uri) || isHttpsUri(uri)) console.log('Good');
or use the convenience method isWebUri which is equivalent.
* @Arguments
* value The potential URI to test.
*
* @Returns The untainted RFC 3986 URI on success, undefined on failure.
* @Notes
This function does not make any attempt to check whether the URI is accessible
or 'makes sense' in any meaningful way. It just checks that it is formatted
correctly.
*/
/*
* @Function isHttpsUri(value)
* @Synopsis is the value a well-formed HTTPS uri?
* @Description
See is_http_uri() for details. This version only likes the https URI scheme.
Otherwise it's identical to is_http_uri()
* @Arguments
* value The potential URI to test.
*
* @Returns The untainted RFC 3986 URI on success, undefined on failure.
* @Notes
This function does not make any attempt to check whether the URI is accessible
or 'makes sense' in any meaningful way. It just checks that it is formatted
correctly.
*/
/*
* @Function isWebUri(value)
* @Synopsis is the value a well-formed HTTP or HTTPS uri?
* @Description
This is just a convenience method that combines isHttpUri and isHttpsUri
to accept most common real-world URLs.
* @Arguments
* value The potential URI to test.
*
* @Returns The untainted RFC 3986 URI on success, undefined on failure.
* @Notes
This function does not make any attempt to check whether the URI is accessible
or 'makes sense' in any meaningful way. It just checks that it is formatted
correctly.
*/
See also
RFC 3986, RFC 3966, RFC 4694, RFC 4759, RFC 4904
Keywords
FAQs
URI validation functions
The npm package valid-url receives a total of 1,864,247 weekly downloads. As such, valid-url popularity was classified as popular.
We found that valid-url demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Last updated on 31 Jul 2013
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024