Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
whatwg-url
Advanced tools
An implementation of the WHATWG URL Standard's URL API and parsing machinery
The whatwg-url npm package is an implementation of the URL and URLSearchParams interfaces found in the WHATWG URL Standard. It provides utilities for URL parsing, serialization, and manipulation in accordance with the standard.
Parsing and Serializing URLs
This feature allows for the parsing of a full URL string into its constituent parts, as well as the serialization of the URL object back into a string.
const { URL } = require('whatwg-url');
const myURL = new URL('https://example.com/path?query=123#fragment');
console.log(myURL.href); // 'https://example.com/path?query=123#fragment'
Manipulating URL Components
This feature enables the modification of different parts of the URL, such as the pathname, search, or hash.
const { URL } = require('whatwg-url');
const myURL = new URL('https://example.com/path');
myURL.pathname = '/newPath';
console.log(myURL.href); // 'https://example.com/newPath'
Working with URLSearchParams
This feature provides an interface for working with query strings, allowing for easy parsing, appending, deleting, and iterating over query parameters.
const { URLSearchParams } = require('whatwg-url');
const params = new URLSearchParams('key1=value1&key2=value2');
params.append('key3', 'value3');
console.log(params.toString()); // 'key1=value1&key2=value2&key3=value3'
url-parse is a package that offers URL parsing and manipulation. It provides a similar API to whatwg-url but also works in environments without the native URL constructor. It can be a lighter alternative with similar capabilities.
urijs is a URL manipulation library that allows parsing, building, and normalizing URLs. It offers a fluent API and additional features like URI building and resolution, which makes it more feature-rich compared to whatwg-url.
whatwg-url is a full implementation of the WHATWG URL Standard. It can be used standalone, but it also exposes a lot of the internal algorithms that are useful for integrating a URL parser into a project like jsdom.
whatwg-url is currently up to date with the URL spec up to commit eee49fd.
For file:
URLs, whose origin is left unspecified, whatwg-url chooses to use a new opaque origin (which serializes to "null"
).
whatwg-url does not yet implement any encoding handling beyond UTF-8. That is, the encoding override parameter does not exist in our API.
URL
and URLSearchParams
classesThe main API is provided by the URL
and URLSearchParams
exports, which follows the spec's behavior in all ways (including e.g. USVString
conversion). Most consumers of this library will want to use these.
The following methods are exported for use by places like jsdom that need to implement things like HTMLHyperlinkElementUtils
. They mostly operate on or return an "internal URL" or "URL record" type.
parseURL(input, { baseURL })
basicURLParse(input, { baseURL, url, stateOverride })
serializeURL(urlRecord, excludeFragment)
serializeHost(hostFromURLRecord)
serializePath(urlRecord)
serializeInteger(number)
serializeURLOrigin(urlRecord)
setTheUsername(urlRecord, usernameString)
setThePassword(urlRecord, passwordString)
hasAnOpaquePath(urlRecord)
cannotHaveAUsernamePasswordPort(urlRecord)
percentDecodeBytes(uint8Array)
percentDecodeString(string)
The stateOverride
parameter is one of the following strings:
"scheme start"
"scheme"
"no scheme"
"special relative or authority"
"path or authority"
"relative"
"relative slash"
"special authority slashes"
"special authority ignore slashes"
"authority"
"host"
"hostname"
"port"
"file"
"file slash"
"file host"
"path start"
"path"
"opaque path"
"query"
"fragment"
The URL record type has the following API:
These properties should be treated with care, as in general changing them will cause the URL record to be in an inconsistent state until the appropriate invocation of basicURLParse
is used to fix it up. You can see examples of this in the URL Standard, where there are many step sequences like "4. Set context object’s url’s fragment to the empty string. 5. Basic URL parse input with context object’s url as url and fragment state as state override." In between those two steps, a URL record is in an unusable state.
The return value of "failure" in the spec is represented by null
. That is, functions like parseURL
and basicURLParse
can return either a URL record or null
.
whatwg-url/webidl2js-wrapper
moduleThis module exports the URL
and URLSearchParams
interface wrappers API generated by webidl2js.
First, install Node.js. Then, fetch the dependencies of whatwg-url, by running from this directory:
npm install
To run tests:
npm test
To generate a coverage report:
npm run coverage
To build and run the live viewer:
npm run prepare
npm run build-live-viewer
Serve the contents of the live-viewer
directory using any web server.
The jsdom project (including whatwg-url) is a community-driven project maintained by a team of volunteers. You could support us by:
FAQs
An implementation of the WHATWG URL Standard's URL API and parsing machinery
We found that whatwg-url demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 6 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.