Gathering detailed insights and metrics for @tahul/punycode
Gathering detailed insights and metrics for @tahul/punycode
A robust Punycode converter that fully complies to RFC 3492 and RFC 5891.
Installations
npm install @tahul/punycodeDeveloper Guide
BETA
Typescript
Yes
Module System
ESM
Min. Node Version
>=6
Node Version
20.7.0
NPM Version
10.1.0
Releases
10
Languages
1
JavaScript
JavaScript (100%)
Developer
Download Statistics
Total Downloads
0
Last Day
0
Last Week
0
Last Month
0
Last Year
0
GitHub Statistics
MIT License
1,640 Stars
150 Commits
159 Forks
36 Watchers
2 Branches
19 Contributors
Updated on Jul 05, 2025
Maintainers
1
Package Meta Information
Latest Version
2.3.4
Package Id
@tahul/punycode@2.3.4
Unpacked Size
33.53 kB
Size
7.66 kB
File Count
6
NPM Version
10.1.0
Node Version
20.7.0
Published on
Mar 24, 2024
Total Downloads
Cumulative downloads
Total Downloads
NaN
Last Day
0%
NaN
Compared to previous day
Last Week
0%
NaN
Compared to previous week
Last Month
0%
NaN
Compared to previous month
Last Year
0%
NaN
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
Punycode.js 
Punycode.js is a robust Punycode converter that fully complies to RFC 3492 and RFC 5891.
This JavaScript library is the result of comparing, optimizing and documenting different open-source implementations of the Punycode algorithm:
- The C example code from RFC 3492
punycode.cby Markus W. Scherer (IBM)punycode.cby Ben Noordhuis- JavaScript implementation by some
punycode.jsby Ben Noordhuis (note: not fully compliant)
This project was bundled with Node.js from v0.6.2+ until v7 (soft-deprecated).
This project provides a CommonJS module that uses ES2015+ features and JavaScript module, which work in modern Node.js versions and browsers. For the old Punycode.js version that offers the same functionality in a UMD build with support for older pre-ES2015 runtimes, including Rhino, Ringo, and Narwhal, see v1.4.1.
Installation
Via npm:
1npm install punycode --save
In Node.js:
⚠️ Note that userland modules don't hide core modules. For example,
require('punycode')still imports the deprecated core module even if you executednpm install punycode. Userequire('punycode/')to import userland modules rather than core modules.
1const punycode = require('punycode/');
API
punycode.decode(string)
Converts a Punycode string of ASCII symbols to a string of Unicode symbols.
1// decode domain name parts 2punycode.decode('maana-pta'); // 'mañana' 3punycode.decode('--dqo34k'); // '☃-⌘'
punycode.encode(string)
Converts a string of Unicode symbols to a Punycode string of ASCII symbols.
1// encode domain name parts 2punycode.encode('mañana'); // 'maana-pta' 3punycode.encode('☃-⌘'); // '--dqo34k'
punycode.toUnicode(input)
Converts a Punycode string representing a domain name or an email address to Unicode. Only the Punycoded parts of the input will be converted, i.e. it doesn’t matter if you call it on a string that has already been converted to Unicode.
1// decode domain names
2punycode.toUnicode('xn--maana-pta.com');
3// → 'mañana.com'
4punycode.toUnicode('xn----dqo34k.com');
5// → '☃-⌘.com'
6
7// decode email addresses
8punycode.toUnicode('джумла@xn--p-8sbkgc5ag7bhce.xn--ba-lmcq');
9// → 'джумла@джpумлатест.bрфa'punycode.toASCII(input)
Converts a lowercased Unicode string representing a domain name or an email address to Punycode. Only the non-ASCII parts of the input will be converted, i.e. it doesn’t matter if you call it with a domain that’s already in ASCII.
1// encode domain names
2punycode.toASCII('mañana.com');
3// → 'xn--maana-pta.com'
4punycode.toASCII('☃-⌘.com');
5// → 'xn----dqo34k.com'
6
7// encode email addresses
8punycode.toASCII('джумла@джpумлатест.bрфa');
9// → 'джумла@xn--p-8sbkgc5ag7bhce.xn--ba-lmcq'punycode.ucs2
punycode.ucs2.decode(string)
Creates an array containing the numeric code point values of each Unicode symbol in the string. While JavaScript uses UCS-2 internally, this function will convert a pair of surrogate halves (each of which UCS-2 exposes as separate characters) into a single code point, matching UTF-16.
1punycode.ucs2.decode('abc'); 2// → [0x61, 0x62, 0x63] 3// surrogate pair for U+1D306 TETRAGRAM FOR CENTRE: 4punycode.ucs2.decode('\uD834\uDF06'); 5// → [0x1D306]
punycode.ucs2.encode(codePoints)
Creates a string based on an array of numeric code point values.
1punycode.ucs2.encode([0x61, 0x62, 0x63]); 2// → 'abc' 3punycode.ucs2.encode([0x1D306]); 4// → '\uD834\uDF06'
punycode.version
A string representing the current Punycode.js version number.
For maintainers
How to publish a new release
-
On the
mainbranch, bump the version number inpackage.json:1npm version patch -m 'Release v%s'Instead of
patch, useminorormajoras needed.Note that this produces a Git commit + tag.
-
Push the release commit and tag:
1git push && git push --tagsOur CI then automatically publishes the new release to npm, under both the
punycodeandpunycode.jsnames.
Author
 |
|---|
| Mathias Bynens |
License
Punycode.js is available under the MIT license.
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE-MIT.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE-MIT.txt:0
Reason
0 existing vulnerabilities detected
Reason
Found 13/30 approved changesets -- score normalized to 4
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/mathiasbynens/punycode.js/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/mathiasbynens/punycode.js/main.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-on-tag.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/mathiasbynens/punycode.js/publish-on-tag.yml/main?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish-on-tag.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/mathiasbynens/punycode.js/publish-on-tag.yml/main?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/main.yml:23
- Warn: npmCommand not pinned by hash: .github/workflows/publish-on-tag.yml:20
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/main.yml:1
- Warn: no topLevel permission defined: .github/workflows/publish-on-tag.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'main'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 13 are checked with a SAST tool
Score
3.8
/10
Last Scanned on 2025-07-07
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More