Gathering detailed insights and metrics for tldts
Gathering detailed insights and metrics for tldts
JavaScript Library to extract domains, subdomains and public suffixes from complex URIs.
Installations
npm install tldtsScore
99.6
Supply Chain
100
Quality
95.3
Maintenance
100
Vulnerability
100
License
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
18.20.5
NPM Version
lerna/8.1.9/node@v18.20.5+x64 (linux)
Statistics
489 Stars
2,774 Commits
19 Forks
3 Watching
25 Branches
15 Contributors
Updated on 26 Nov 2024
Bundle Size
104.39 kB
Minified
40.51 kB
Minified + Gzipped
Languages
TypeScript (95.54%)
JavaScript (4.31%)
Shell (0.11%)
Makefile (0.04%)
Total Downloads
Cumulative downloads
Total Downloads
39,537,008
Last day
-13%
640,071
Compared to previous day
Last week
4.7%
4,051,932
Compared to previous week
Last month
97.9%
15,153,655
Compared to previous month
Last year
592.1%
32,045,968
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Versions
tldts - Blazing Fast URL Parsing
tldts is a JavaScript library to extract hostnames, domains, public suffixes, top-level domains and subdomains from URLs.
Features:
- Tuned for performance (order of 0.1 to 1 μs per input)
- Handles both URLs and hostnames
- Full Unicode/IDNA support
- Support parsing email addresses
- Detect IPv4 and IPv6 addresses
- Continuously updated version of the public suffix list
- TypeScript, ships with
umd,esm,cjsbundles and type definitions - Small bundles and small memory footprint
- Battle tested: full test coverage and production use
⚠️ If you are migrating to tldts from another library like psl, make sure to check the migration section.
Install
1npm install --save tldts
Usage
Using the command-line interface:
1$ npx tldts 'http://www.writethedocs.org/conf/eu/2017/' 2{ 3 "domain": "writethedocs.org", 4 "domainWithoutSuffix": "writethedocs", 5 "hostname": "www.writethedocs.org", 6 "isIcann": true, 7 "isIp": false, 8 "isPrivate": false, 9 "publicSuffix": "org", 10 "subdomain": "www" 11}
Or from the command-line in batch:
1$ echo "http://www.writethedocs.org/\nhttps://example.com" | npx tldts 2{ 3 "domain": "writethedocs.org", 4 "domainWithoutSuffix": "writethedocs", 5 "hostname": "www.writethedocs.org", 6 "isIcann": true, 7 "isIp": false, 8 "isPrivate": false, 9 "publicSuffix": "org", 10 "subdomain": "www" 11} 12{ 13 "domain": "example.com", 14 "domainWithoutSuffix": "example", 15 "hostname": "example.com", 16 "isIcann": true, 17 "isIp": false, 18 "isPrivate": false, 19 "publicSuffix": "com", 20 "subdomain": "" 21}
Programmatically:
1const { parse } = require('tldts'); 2 3// Retrieving hostname related informations of a given URL 4parse('http://www.writethedocs.org/conf/eu/2017/'); 5// { domain: 'writethedocs.org', 6// domainWithoutSuffix: 'writethedocs', 7// hostname: 'www.writethedocs.org', 8// isIcann: true, 9// isIp: false, 10// isPrivate: false, 11// publicSuffix: 'org', 12// subdomain: 'www' }
Modern ES6 modules import is also supported:
1import { parse } from 'tldts';
Alternatively, you can try it directly in your browser here: https://npm.runkit.com/tldts
Check README.md for more details about the API.
Migrating from other libraries
TL;DR—here is a quick overview of how to use tldts to match the default behavior of the psl library. Skip to after the tables for a more detailed explanation.
| Parsing a hostname | |
|---|---|
tldts | tldts.parse('spark-public.s3.amazonaws.com', { allowPrivateDomains: true }) |
psl | psl.parse('spark-public.s3.amazonaws.com') |
| Note | Make sure to include { allowPrivateDomains: true } to consider private suffixes |
| Parsing a URL | |
|---|---|
tldts | tldts.parse('https://spark-public.s3.amazonaws.com/data', { allowPrivateDomains: true }) |
psl | psl.parse(new URL('https://spark-public.s3.amazonaws.com/data').hostname) |
| Note | No need to extract hostnames from URLs, tldts can do that for you |
| Getting the domain | |
|---|---|
tldts | tldts.getDomain('spark-public.s3.amazonaws.com', { allowPrivateDomains: true }) |
psl | psl.get('spark-public.s3.amazonaws.com') |
| Note | Using specific functions like getDomain are more efficient then relying on parse |
| Getting the Public Suffix | |
|---|---|
tldts | tldts.getPublicSuffix('spark-public.s3.amazonaws.com', { allowPrivateDomains: true }) |
psl | psl.parse('spark-public.s3.amazonaws.com').tld |
Explanation. There are multiple libraries which can be used to parse URIs
based on the Public Suffix List. Not all these libraries offer the same
behavior by default and depending on your particular use-case, this can matter.
When migrating from another library to tldts, make sure to read this section
to preserve the same behavior.
The biggest difference between tldts's default behavior and some other
libraries like psl has to do with which suffixes are considered by default.
The default for tldts is to only consider the ICANN section and ignore the
Private section.
Consider this example using the unmaintained psl library:
1const psl = require('psl'); 2 3psl.parse('https://spark-public.s3.amazonaws.com/dataanalysis/loansData.csv') 4// { 5// input: 'spark-public.s3.amazonaws.com', 6// tld: 's3.amazonaws.com', <<< Public Suffix is from Private section 7// sld: 'spark-public', 8// domain: 'spark-public.s3.amazonaws.com', 9// subdomain: null, 10// listed: true 11// }
And now with tldts:
1const { parse } = require('tldts'); 2 3parse('spark-public.s3.amazonaws.com'); 4// { 5// domain: 'amazonaws.com', 6// domainWithoutSuffix: 'amazonaws', 7// hostname: 'spark-public.s3.amazonaws.com', 8// isIcann: true, 9// isIp: false, 10// isPrivate: false, 11// publicSuffix: 'com', <<< By default, use Public Suffix from ICANN section 12// subdomain: 'spark-public.s3' 13// }
To get the same behavior, you need to pass the { allowPrivateDomains: true } option:
1const { parse } = require('tldts'); 2 3parse('spark-public.s3.amazonaws.com', { allowPrivateDomains: true }); 4// { 5// domain: 'spark-public.s3.amazonaws.com', 6// domainWithoutSuffix: 'spark-public', 7// hostname: 'spark-public.s3.amazonaws.com', 8// isIcann: false, 9// isIp: false, 10// isPrivate: true, 11// publicSuffix: 's3.amazonaws.com', <<< Private Public Suffix is used 12// subdomain: '' 13// }
Here are some other differences which can make your life easy. tldts accepts
both hostnames and URLs as arguments, so you do not need to parse your
inputs before handing them over to tldts:
1const { parse } = require('tldts'); 2 3// Both are fine! 4parse('spark-public.s3.amazonaws.com', { allowPrivateDomains: true }); 5parse('https://spark-public.s3.amazonaws.com/dataanalysis/loansData.csv', { allowPrivateDomains: true });
tldts offers dedicated methods to extract the Public Suffix, domain,
subdomain, etc. without having to rely on the more generic parse function.
This is also more efficient than calling parse, because less work as to be
done.
1const { 2 getHostname, 3 getDomain, 4 getPublicSuffix, 5 getSubdomain, 6 getDomainWithoutSuffix, 7} = require('tldts'); 8 9const url = 'https://spark-public.s3.amazonaws.com'; 10 11console.log(getHostname(url)); // spark-public.s3.amazonaws.com 12console.log(getDomain(url, { allowPrivateDomains: true })); // spark-public.s3.amazonaws.com 13console.log(getPublicSuffix(url, { allowPrivateDomains: true })); // s3.amazonaws.com 14console.log(getSubdomain(url, { allowPrivateDomains: true })); // '' 15console.log(getDomainWithoutSuffix(url, { allowPrivateDomains: true })); // spark-public
Contributors
tldts is based upon the excellent tld.js library and would not exist without
the many contributors who worked on the project.
This project would not be possible without the amazing Mozilla's public suffix list either. Thank you for your hard work!
License
No vulnerabilities found.
Reason
no dangerous workflow patterns detected
Reason
30 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
0 existing vulnerabilities detected
Reason
Found 0/17 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/psl.yml:1
- Warn: no topLevel permission defined: .github/workflows/release.yml:1
- Warn: no topLevel permission defined: .github/workflows/tests.yml:1
- Info: no jobLevel write permissions found
Reason
dependency not pinned by hash detected -- score normalized to 0
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psl.yml:12: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/psl.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/psl.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/psl.yml/master?enable=pin
- Warn: third-party GitHubAction not pinned by hash: .github/workflows/psl.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/psl.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/release.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/tests.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/tests.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/remusao/tldts/tests.yml/master?enable=pin
- Warn: npmCommand not pinned by hash: comparison/install.sh:3
- Info: 0 out of 7 GitHub-owned GitHubAction dependencies pinned
- Info: 0 out of 1 third-party GitHubAction dependencies pinned
- Info: 0 out of 1 npmCommand dependencies pinned
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 18 are checked with a SAST tool
Score
4.8
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More