Gathering detailed insights and metrics for querystringify
Gathering detailed insights and metrics for querystringify
Querystringify - Small, simple but powerful query string parser.
Installations
npm install querystringifyReleases
Unable to fetch releases
Developer
unshiftio
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
14.8.0
NPM Version
6.14.7
Statistics
175 Stars
70 Commits
21 Forks
11 Watching
3 Branches
7 Contributors
Updated on 24 Jul 2024
Languages
JavaScript (100%)
Total Downloads
Cumulative downloads
Total Downloads
3,945,631,987
Last day
-7.1%
4,238,898
Compared to previous day
Last week
1.4%
24,514,792
Compared to previous week
Last month
6.4%
102,565,828
Compared to previous month
Last year
30%
1,099,134,756
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
5
Versions
querystringify
First off, see if the built-in
URLSearchParams
is suitable for your needs.
Development of this module started in 2014, when URLSearchParams wasn't
available. The module provides a somewhat JSON-compatible interface for query
string parsing. This query string parser is dumb, don't expect to much from it
as it only wants to parse simple query strings. If you want to parse complex,
multi level and deeply nested query strings then you should rethink your
approach, due to the lack of spec and numerous edge cases.
Installation
This module is released in npm as querystringify. It's also compatible with
browserify so it can be used on the server as well as on the client. To
install it simply run the following command from your CLI:
npm install --save querystringify
Usage
In the following examples we assume that you've already required the library as:
1'use strict'; 2 3var qs = require('querystringify');
qs.parse()
The parse method transforms a given query string in to an object. Parameters
without values are set to empty strings. It does not care if your query string
is prefixed with a ?, a #, or not prefixed. It just extracts the parts
between the = and &:
1qs.parse('?foo=bar'); // { foo: 'bar' } 2qs.parse('#foo=bar'); // { foo: 'bar' } 3qs.parse('foo=bar'); // { foo: 'bar' } 4qs.parse('foo=bar&bar=foo'); // { foo: 'bar', bar: 'foo' } 5qs.parse('foo&bar=foo'); // { foo: '', bar: 'foo' }
qs.stringify()
This transforms a given object in to a query string. By default we return the
query string without a ? prefix. If you want to prefix it by default simply
supply true as second argument. If it should be prefixed by something else
simply supply a string with the prefix value as second argument:
1qs.stringify({ foo: bar }); // foo=bar 2qs.stringify({ foo: bar }, true); // ?foo=bar 3qs.stringify({ foo: bar }, '#'); // #foo=bar 4qs.stringify({ foo: '' }, '&'); // &foo=
License
MIT
Stable Version
The latest stable version of the package.
Stable Version
2.2.0
HIGH
1
HIGH
0/10
Summary
Prototype Pollution in querystringify
Affected Versions
< 2.0.0
Patched Versions
2.0.0
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 3/30 approved changesets -- score normalized to 1
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/unshiftio/querystringify/ci.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/ci.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/unshiftio/querystringify/ci.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/ci.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/unshiftio/querystringify/ci.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/ci.yml:22
- Info: 0 out of 2 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/ci.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 3 are checked with a SAST tool
Score
3.5
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More