Installations
npm install tld-extractScore
99.4
Supply Chain
99
Quality
78
Maintenance
100
Vulnerability
99.6
License
Releases
Unable to fetch releases
Developer
131
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
No
Node Version
8.17.0
NPM Version
6.13.4
Statistics
44 Stars
40 Commits
15 Forks
3 Watching
1 Branches
3 Contributors
Updated on 28 Oct 2024
Bundle Size
149.41 kB
Minified
41.93 kB
Minified + Gzipped
Languages
JavaScript (74.55%)
TypeScript (25.45%)
Total Downloads
Cumulative downloads
Total Downloads
3,329,511
Last day
7.4%
8,380
Compared to previous day
Last week
3.1%
39,719
Compared to previous week
Last month
-0%
163,705
Compared to previous month
Last year
107.8%
1,775,988
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
4
Motivation
Extract the TLD/domain/subdomain parts of an URL/hostname against mozilla TLDs official listing.
API
var parser = require('tld-extract');
console.log( parser("http://www.google.com") );
console.log( parser("http://google.co.uk") );
/**
* >> { tld: 'com', domain: 'google.com', sub: 'www' }
* >> { tld: 'co.uk', domain: 'google.co.uk', sub: '' }
*/
Private TLDs
Private TLDs are supported, see chromium source code for specs
console.log( parser("http://jeanlebon.cloudfront.net"));
/**
* >> { tld : 'net', domain : 'cloudfront.net', sub : 'jeanlebon' };
*/
console.log( parser("http://jeanlebon.cloudfront.net", {allowPrivateTLD : true}));
/**
* >> { tld : 'cloudfront.net', domain : 'jeanlebon.cloudfront.net', sub : '' };
*/
Unknown TLDs (level0)
By default, unknown TLD throw an exception, you can allow them and use tld-extract as a parser using the allowUnknownTLD option
parse("http://nowhere.local")
>> throws /Invalid TLD/
parse("http://nowhere.local", {allowUnknownTLD : true}))
>> { tld : 'local', domain : 'nowhere.local', sub : '' }
DotLess domain
Using a tld as a direct domain name, or dotless domain is highly not recommended (ICANN and IAB have spoken out against the practice, classifying it as a security risk among other concerns.[34] ICANN's Security and Stability Advisory Committee (SSAC) additionally claims that SMTP "requires at least two labels in the FQDN of a mail address" and, as such, mail servers would reject emails to addresses with dotless domains), and will throw an error in tld-extract. You can override this behavior using the allowDotlessTLD option.
parse("http://notaires.fr")
>> throws /Invalid TLD/
parse("http://notaires.fr", {allowDotlessTLD : true}))
>> { tld : 'notaires.fr', domain : 'notaires.fr', sub : '' }
Why
- no dependencies
- really fast
- full code coverage
- easy to read (10 lines)
- easily updatable vs mozilla TLDs source list
- TypeScript support
Maintenance
You can update the remote hash table using npm run update
Not Invented Here
-
A port of a yks/PHP library
-
tldextract => bad API, (no need for async, "domain" property is wrong), no need for dependencies
-
tld => (nothing bad, a bit outdated )
-
tld.js => no sane way to prove/trust/update TLD listing
Credits
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
Found 1/28 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/publish.yml:1
- Warn: no topLevel permission defined: .github/workflows/test.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:11: update your workflow using https://app.stepsecurity.io/secureworkflow/131/node-tld/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/publish.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/131/node-tld/publish.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:7: update your workflow using https://app.stepsecurity.io/secureworkflow/131/node-tld/test.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:8: update your workflow using https://app.stepsecurity.io/secureworkflow/131/node-tld/test.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/131/node-tld/test.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: .github/workflows/publish.yml:17
- Warn: npmCommand not pinned by hash: .github/workflows/test.yml:12
- Info: 0 out of 4 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 2 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 3 are checked with a SAST tool
Score
3.4
/10
Last Scanned on 2024-11-25
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to tld-extract
extract-domain
Extract domain name from URL
extract-tld
Extract the TLD from a URL against the [public suffix list](https://publicsuffix.org/).
mini-css-extract-plugin
extracts CSS into separate files
postcss-modules-extract-imports
A CSS Modules transform to extract local aliases for inline imports