Big news!Introducing Socket AI - ChatGPT-Powered Threat Analysis.Learn more


Package Overview
File Explorer

Advanced tools


An implementation of the WHATWG URL Standard's URL API and parsing machinery


Version published
Weekly downloads
decreased by-1.17%

Weekly downloads




Updated our tr46 dependency, which brings along several fixes related to international domain names. Such as:

  • Empty domain name labels, as in https://xn--4-0bd15808a.../, no longer cause URL parsing to fail.
  • Invalid punycode-encoded domain name labels, as in http://xn--ls8h=/, now correctly cause URL parsing to fail.
  • Includes support for Unicode 15.0.0.

As part of this, we are now running against the newly-introduced test data derived from the Unicode Consortium-maintained IdnaTestV2.txt file, and passing them all.




whatwg-url is a full implementation of the WHATWG URL Standard. It can be used standalone, but it also exposes a lot of the internal algorithms that are useful for integrating a URL parser into a project like jsdom.

Specification conformance

whatwg-url is currently up to date with the URL spec up to commit fdaa0e5.

For file: URLs, whose origin is left unspecified, whatwg-url chooses to use a new opaque origin (which serializes to "null").

whatwg-url does not yet implement any encoding handling beyond UTF-8. That is, the encoding override parameter does not exist in our API.


The URL and URLSearchParams classes

The main API is provided by the URL and URLSearchParams exports, which follows the spec's behavior in all ways (including e.g. USVString conversion). Most consumers of this library will want to use these.

Low-level URL Standard API

The following methods are exported for use by places like jsdom that need to implement things like HTMLHyperlinkElementUtils. They mostly operate on or return an "internal URL" or "URL record" type.

The stateOverride parameter is one of the following strings:

The URL record type has the following API:

These properties should be treated with care, as in general changing them will cause the URL record to be in an inconsistent state until the appropriate invocation of basicURLParse is used to fix it up. You can see examples of this in the URL Standard, where there are many step sequences like "4. Set context object’s url’s fragment to the empty string. 5. Basic URL parse input with context object’s url as url and fragment state as state override." In between those two steps, a URL record is in an unusable state.

The return value of "failure" in the spec is represented by null. That is, functions like parseURL and basicURLParse can return either a URL record or null.

whatwg-url/webidl2js-wrapper module

This module exports the URL and URLSearchParams interface wrappers API generated by webidl2js.

Development instructions

First, install Node.js. Then, fetch the dependencies of whatwg-url, by running from this directory:

npm install

To run tests:

npm test

To generate a coverage report:

npm run coverage

To build and run the live viewer:

npm run prepare npm run build-live-viewer

Serve the contents of the live-viewer directory using any web server.

Supporting whatwg-url

The jsdom project (including whatwg-url) is a community-driven project maintained by a team of volunteers. You could support us by:

  • Getting professional support for whatwg-url as part of a Tidelift subscription. Tidelift helps making open source sustainable for us while giving teams assurances for maintenance, licensing, and security.
  • Contributing directly to the project.


Last updated on 08 Mar 2023

Did you know?

Socket installs a Github app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.

Install Socket
Socket SOC 2 Logo


  • Package Issues
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc