An RFC 3986 compliant, scheme extendable URI parsing/validating/normalizing/resolving library for JavaScript
Installations
npm install uri-jsReleases
Unable to fetch releases
Developer
garycourt
Developer Guide
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
12.18.3
NPM Version
6.14.6
Statistics
306 Stars
89 Commits
68 Forks
9 Watching
7 Branches
8 Contributors
Updated on 25 Nov 2024
Bundle Size
17.68 kB
Minified
6.50 kB
Minified + Gzipped
Languages
JavaScript (59.71%)
TypeScript (36.73%)
CSS (2.51%)
HTML (1.04%)
Total Downloads
Cumulative downloads
Total Downloads
8,261,723,742
Last day
-2.4%
9,587,808
Compared to previous day
Last week
4.6%
53,438,455
Compared to previous week
Last month
20.9%
208,036,094
Compared to previous month
Last year
11.7%
2,084,461,703
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
URI.js
URI.js is an RFC 3986 compliant, scheme extendable URI parsing/normalizing/resolving/serializing library for all JavaScript environments (browsers, Node.js, etc). It is also compliant with the IRI (RFC 3987), IDNA (RFC 5890), IPv6 Address (RFC 5952), IPv6 Zone Identifier (RFC 6874) specifications.
URI.js has an extensive test suite, and works in all (Node.js, web) environments. It weighs in at 6.4kb (gzipped, 17kb deflated).
API
Parsing
URI.parse("uri://user:pass@example.com:123/one/two.three?q1=a1&q2=a2#body");
//returns:
//{
// scheme : "uri",
// userinfo : "user:pass",
// host : "example.com",
// port : 123,
// path : "/one/two.three",
// query : "q1=a1&q2=a2",
// fragment : "body"
//}
Serializing
URI.serialize({scheme : "http", host : "example.com", fragment : "footer"}) === "http://example.com/#footer"
Resolving
URI.resolve("uri://a/b/c/d?q", "../../g") === "uri://a/g"
Normalizing
URI.normalize("HTTP://ABC.com:80/%7Esmith/home.html") === "http://abc.com/~smith/home.html"
Comparison
URI.equal("example://a/b/c/%7Bfoo%7D", "eXAMPLE://a/./b/../b/%63/%7bfoo%7d") === true
IP Support
//IPv4 normalization
URI.normalize("//192.068.001.000") === "//192.68.1.0"
//IPv6 normalization
URI.normalize("//[2001:0:0DB8::0:0001]") === "//[2001:0:db8::1]"
//IPv6 zone identifier support
URI.parse("//[2001:db8::7%25en1]");
//returns:
//{
// host : "2001:db8::7%en1"
//}
IRI Support
//convert IRI to URI
URI.serialize(URI.parse("http://examplé.org/rosé")) === "http://xn--exampl-gva.org/ros%C3%A9"
//convert URI to IRI
URI.serialize(URI.parse("http://xn--exampl-gva.org/ros%C3%A9"), {iri:true}) === "http://examplé.org/rosé"
Options
All of the above functions can accept an additional options argument that is an object that can contain one or more of the following properties:
-
scheme(string)Indicates the scheme that the URI should be treated as, overriding the URI's normal scheme parsing behavior.
-
reference(string)If set to
"suffix", it indicates that the URI is in the suffix format and the parser will use the option'sschemeproperty to determine the URI's scheme. -
tolerant(boolean, false)If set to
true, the parser will relax URI resolving rules. -
absolutePath(boolean, false)If set to
true, the serializer will not resolve a relativepathcomponent. -
iri(boolean, false)If set to
true, the serializer will unescape non-ASCII characters as per RFC 3987. -
unicodeSupport(boolean, false)If set to
true, the parser will unescape non-ASCII characters in the parsed output as per RFC 3987. -
domainHost(boolean, false)If set to
true, the library will treat thehostcomponent as a domain name, and convert IDNs (International Domain Names) as per RFC 5891.
Scheme Extendable
URI.js supports inserting custom scheme dependent processing rules. Currently, URI.js has built in support for the following schemes:
- http [RFC 2616]
- https [RFC 2818]
- ws [RFC 6455]
- wss [RFC 6455]
- mailto [RFC 6068]
- urn [RFC 2141]
- urn:uuid [RFC 4122]
HTTP/HTTPS Support
URI.equal("HTTP://ABC.COM:80", "http://abc.com/") === true
URI.equal("https://abc.com", "HTTPS://ABC.COM:443/") === true
WS/WSS Support
URI.parse("wss://example.com/foo?bar=baz");
//returns:
//{
// scheme : "wss",
// host: "example.com",
// resourceName: "/foo?bar=baz",
// secure: true,
//}
URI.equal("WS://ABC.COM:80/chat#one", "ws://abc.com/chat") === true
Mailto Support
URI.parse("mailto:alpha@example.com,bravo@example.com?subject=SUBSCRIBE&body=Sign%20me%20up!");
//returns:
//{
// scheme : "mailto",
// to : ["alpha@example.com", "bravo@example.com"],
// subject : "SUBSCRIBE",
// body : "Sign me up!"
//}
URI.serialize({
scheme : "mailto",
to : ["alpha@example.com"],
subject : "REMOVE",
body : "Please remove me",
headers : {
cc : "charlie@example.com"
}
}) === "mailto:alpha@example.com?cc=charlie@example.com&subject=REMOVE&body=Please%20remove%20me"
URN Support
URI.parse("urn:example:foo");
//returns:
//{
// scheme : "urn",
// nid : "example",
// nss : "foo",
//}
URN UUID Support
URI.parse("urn:uuid:f81d4fae-7dec-11d0-a765-00a0c91e6bf6");
//returns:
//{
// scheme : "urn",
// nid : "uuid",
// uuid : "f81d4fae-7dec-11d0-a765-00a0c91e6bf6",
//}
Usage
To load in a browser, use the following tag:
<script type="text/javascript" src="uri-js/dist/es5/uri.all.min.js"></script>
To load in a CommonJS/Module environment, first install with npm/yarn by running on the command line:
npm install uri-js
# OR
yarn add uri-js
Then, in your code, load it using:
const URI = require("uri-js");
If you are writing your code in ES6+ (ESNEXT) or TypeScript, you would load it using:
import * as URI from "uri-js";
Or you can load just what you need using named exports:
import { parse, serialize, resolve, resolveComponents, normalize, equal, removeDotSegments, pctEncChar, pctDecChars, escapeComponent, unescapeComponent } from "uri-js";
Breaking changes
Breaking changes from 3.x
URN parsing has been completely changed to better align with the specification. Scheme is now always urn, but has two new properties: nid which contains the Namspace Identifier, and nss which contains the Namespace Specific String. The nss property will be removed by higher order scheme handlers, such as the UUID URN scheme handler.
The UUID of a URN can now be found in the uuid property.
Breaking changes from 2.x
URI validation has been removed as it was slow, exposed a vulnerabilty, and was generally not useful.
Breaking changes from 1.x
The errors array on parsed components is now an error string.
Stable Version
The latest stable version of the package.
Stable Version
4.4.1
MODERATE
1
6.5/10
Summary
Regular Expression Denial Of Service in uri-js
Affected Versions
< 3.0.0
Patched Versions
3.0.0
Reason
no binaries found in the repo
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Warn: project license file does not contain an FSF or OSI license.
Reason
Found 8/22 approved changesets -- score normalized to 3
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'master'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 16 are checked with a SAST tool
Reason
17 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-93q8-gq69-wqmw
- Warn: Project is vulnerable to: GHSA-67hx-6x53-jw92
- Warn: Project is vulnerable to: GHSA-cwfw-4gq5-mrqx
- Warn: Project is vulnerable to: GHSA-g95f-p29q-9xw4
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-gxpj-cx7g-858c
- Warn: Project is vulnerable to: GHSA-w573-4hg7-7wgq
- Warn: Project is vulnerable to: GHSA-ww39-953v-wcq6
- Warn: Project is vulnerable to: GHSA-9c47-m6qq-7p4h
- Warn: Project is vulnerable to: GHSA-29mw-wpgm-hmr9
- Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm
- Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv
- Warn: Project is vulnerable to: GHSA-f8q6-p94x-37v3
- Warn: Project is vulnerable to: GHSA-xvch-5gv4-984h
- Warn: Project is vulnerable to: GHSA-qrpm-p2h7-hrv2
- Warn: Project is vulnerable to: GHSA-hj48-42vr-x3v9
- Warn: Project is vulnerable to: GHSA-gcx4-mw62-g8wm
Score
2.1
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn MoreOther packages similar to uri-js
uri-js-replace
Replacement for abandoned library URI.js (uri-js)
toad-uri-js
A modern RFC 3986/3987 compliant, scheme extendable URI/IRI parsing/normalizing/resolving/serializing library for JavaScript.
fast-uri
Dependency free RFC 3986 URI toolbox
file-uri-to-path
Convert a file: URI to a file path