Gathering detailed insights and metrics for urijs
Gathering detailed insights and metrics for urijs
Installations
npm install urijsDeveloper Guide
BETA
Typescript
No
Module System
CommonJS
Node Version
16.14.0
NPM Version
8.3.1
Score
100
Supply Chain
99.2
Quality
76
Maintenance
100
Vulnerability
100
License
Releases
43
1.19.11 (April 3rd 2022)
v1.19.11
Updated on Apr 03, 2022
1.19.10 (March 5th 2022)
v1.19.10
Updated on Mar 05, 2022
1.19.9 (March 3rd 2022)
v1.19.9
Updated on Mar 03, 2022
1.19.8 (February 15th 2022)
v1.19.8
Updated on Feb 15, 2022
1.19.7 (July 14th 2021)
v1.19.7
Updated on Jul 14, 2021
1.19.6 (February 13th 2021)
v1.19.6
Updated on Feb 13, 2021
Languages
4
JavaScript
HTML
CSS
PHP
JavaScript (74.22%)
HTML (23.65%)
CSS (1.89%)
PHP (0.24%)
Developer
Download Statistics
Total Downloads
559,180,537
Last Day
109,355
Last Week
2,651,872
Last Month
11,646,911
Last Year
116,884,025
GitHub Statistics
MIT License
6,261 Stars
689 Commits
475 Forks
116 Watchers
5 Branches
68 Contributors
Updated on Jul 02, 2025
Bundle Size
41.75 kB
Minified
13.21 kB
Minified + Gzipped
Maintainers
1
Package Meta Information
Latest Version
1.19.11
Package Id
urijs@1.19.11
Unpacked Size
186.22 kB
Size
52.16 kB
File Count
13
NPM Version
8.3.1
Node Version
16.14.0
Total Downloads
Cumulative downloads
Total Downloads
559,180,537
Last Day
-4.9%
109,355
Compared to previous day
Last Week
-8.7%
2,651,872
Compared to previous week
Last Month
1.4%
11,646,911
Compared to previous month
Last Year
31.3%
116,884,025
Compared to previous year
Weekly Downloads
Monthly Downloads
Yearly Downloads
No dependencies detected.
URI.js
IMPORTANT: You may not need URI.js anymore! Modern browsers provide the URL and URLSearchParams interfaces.
NOTE: The npm package name changed to
urijs
I always want to shoot myself in the head when looking at code like the following:
1var url = "http://example.org/foo?bar=baz"; 2var separator = url.indexOf('?') > -1 ? '&' : '?'; 3 4url += separator + encodeURIComponent("foo") + "=" + encodeURIComponent("bar");
Things are looking up with URL and the URL spec but until we can safely rely on that API, have a look at URI.js for a clean and simple API for mutating URIs:
1var url = new URI("http://example.org/foo?bar=baz"); 2url.addQuery("foo", "bar");
URI.js is here to help with that.
API Example
1// mutating URLs 2URI("http://example.org/foo.html?hello=world") 3 .username("rodneyrehm") 4 // -> http://rodneyrehm@example.org/foo.html?hello=world 5 .username("") 6 // -> http://example.org/foo.html?hello=world 7 .directory("bar") 8 // -> http://example.org/bar/foo.html?hello=world 9 .suffix("xml") 10 // -> http://example.org/bar/foo.xml?hello=world 11 .query("") 12 // -> http://example.org/bar/foo.xml 13 .tld("com") 14 // -> http://example.com/bar/foo.xml 15 .query({ foo: "bar", hello: ["world", "mars"] }); 16 // -> http://example.com/bar/foo.xml?foo=bar&hello=world&hello=mars 17 18// cleaning things up 19URI("?&foo=bar&&foo=bar&foo=baz&") 20 .normalizeQuery(); 21 // -> ?foo=bar&foo=baz 22 23// working with relative paths 24URI("/foo/bar/baz.html") 25 .relativeTo("/foo/bar/world.html"); 26 // -> ./baz.html 27 28URI("/foo/bar/baz.html") 29 .relativeTo("/foo/bar/sub/world.html") 30 // -> ../baz.html 31 .absoluteTo("/foo/bar/sub/world.html"); 32 // -> /foo/bar/baz.html 33 34// URI Templates 35URI.expand("/foo/{dir}/{file}", { 36 dir: "bar", 37 file: "world.html" 38}); 39// -> /foo/bar/world.html
See the About Page and API Docs for more stuff.
Using URI.js
URI.js (without plugins) has a gzipped weight of about 7KB - if you include all extensions you end up at about 13KB. So unless you need second level domain support and use URI templates, we suggest you don't include them in your build. If you don't need a full featured URI mangler, it may be worth looking into the much smaller parser-only alternatives listed below.
URI.js is available through npm, bower, bowercdn, cdnjs and manually from the build page:
1# using bower 2bower install uri.js 3 4# using npm 5npm install urijs
Browser
I guess you'll manage to use the build tool or follow the instructions below to combine and minify the various files into URI.min.js - and I'm fairly certain you know how to <script src=".../URI.min.js"></script> that sucker, too.
Node.js and NPM
Install with npm install urijs or add "urijs" to the dependencies in your package.json.
1// load URI.js 2var URI = require('urijs'); 3// load an optional module (e.g. URITemplate) 4var URITemplate = require('urijs/src/URITemplate'); 5 6URI("/foo/bar/baz.html") 7 .relativeTo("/foo/bar/sub/world.html") 8 // -> ../baz.html
RequireJS
Clone the URI.js repository or use a package manager to get URI.js into your project.
1require.config({ 2 paths: { 3 urijs: 'where-you-put-uri.js/src' 4 } 5}); 6 7require(['urijs/URI'], function(URI) { 8 console.log("URI.js and dependencies: ", URI("//amazon.co.uk").is('sld') ? 'loaded' : 'failed'); 9}); 10require(['urijs/URITemplate'], function(URITemplate) { 11 console.log("URITemplate.js and dependencies: ", URITemplate._cache ? 'loaded' : 'failed'); 12});
Minify
See the build tool or use Google Closure Compiler:
// ==ClosureCompiler==
// @compilation_level SIMPLE_OPTIMIZATIONS
// @output_file_name URI.min.js
// @code_url http://medialize.github.io/URI.js/src/IPv6.js
// @code_url http://medialize.github.io/URI.js/src/punycode.js
// @code_url http://medialize.github.io/URI.js/src/SecondLevelDomains.js
// @code_url http://medialize.github.io/URI.js/src/URI.js
// @code_url http://medialize.github.io/URI.js/src/URITemplate.js
// ==/ClosureCompiler==
Resources
Documents specifying how URLs work:
- URL - Living Standard
- RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
- RFC 3987 - Internationalized Resource Identifiers (IRI)
- RFC 2732 - Format for Literal IPv6 Addresses in URL's
- RFC 2368 - The
mailto:URL Scheme - RFC 2141 - URN Syntax
- IANA URN Namespace Registry
- Punycode: A Bootstring encoding of Unicode for Internationalized Domain Names in Applications (IDNA)
- application/x-www-form-urlencoded (Query String Parameters) and application/x-www-form-urlencoded encoding algorithm
- What every web developer must know about URL encoding
Informal stuff
How other environments do things
Forks / Code-borrow
- node-dom-urls passy's partial implementation of the W3C URL Spec Draft for Node
- urlutils cofounders'
window.URLconstructor for Node
Alternatives
If you don't like URI.js, you may like one of the following libraries. (If yours is not listed, drop me a line…)
Polyfill
- DOM-URL-Polyfill arv's polyfill of the DOM URL spec for browsers
- inexorabletash inexorabletash's WHATWG URL API
URL Manipulation
- The simple URL Mutation "Hack" (jsPerf comparison)
- URL.js
- furl (Python)
- mediawiki Uri (needs mw and jQuery)
- jurlp
- jsUri
URL Parsers
- The simple URL Mutation "Hack" (jsPerf comparison)
- URI Parser
- jQuery-URL-Parser
- Google Closure Uri
- URI.js by Gary Court
URI Template
- uri-template (supporting extraction as well) by Rezigne
- uri-templates (supporting extraction as well) by Geraint Luff
- uri-templates by Marc Portier
- uri-templates by Geraint Luff (including reverse operation)
- URI Template JS by Franz Antesberger
- Temple by Brett Stimmerman
- (jsperf comparison)
Various
- TLD.js - second level domain names
- Public Suffix - second level domain names
- uri-collection - underscore based utility for working with many URIs
Authors
Contains Code From
- punycode.js - Mathias Bynens
- IPv6.js - Rich Brown - (rewrite of the original)
License
URI.js is published under the MIT license. Until version 1.13.2 URI.js was also published under the GPL v3 license - but as this dual-licensing causes more questions than helps anyone, it was dropped with version 1.14.0.
Changelog
moved to Changelog
High
7.5/10
Summary
URIjs Hostname spoofing via backslashes in URL
Affected Versions
< 1.19.6
Patched Versions
1.19.6
High
7.2/10
Summary
Incorrect protocol extraction via \r, \n and \t characters
Affected Versions
< 1.19.11
Patched Versions
1.19.11
Moderate
5.3/10
Summary
URIjs Vulnerable to Hostname spoofing via backslashes in URL
Affected Versions
< 1.19.7
Patched Versions
1.19.7
Moderate
6.5/10
Summary
URL Confusion When Scheme Not Supplied in medialize/uri.js
Affected Versions
< 1.19.11
Patched Versions
1.19.11
Moderate
6.1/10
Summary
Open Redirect in urijs
Affected Versions
< 1.19.10
Patched Versions
1.19.10
Moderate
5.3/10
Summary
Leading white space bypasses protocol validation
Affected Versions
< 1.19.9
Patched Versions
1.19.9
Moderate
6.5/10
Summary
Authorization Bypass Through User-Controlled Key in urijs
Affected Versions
< 1.19.8
Patched Versions
1.19.8
Moderate
6.5/10
Summary
Hostname spoofing via backslashes in URL
Affected Versions
< 1.19.4
Patched Versions
1.19.4
Reason
security policy file detected
Details
- Info: security policy file detected: SECURITY.md:1
- Info: Found linked content: SECURITY.md:1
- Info: Found disclosure, vulnerability, and/or timelines in security policy: SECURITY.md:1
- Info: Found text in security policy: SECURITY.md:1
Reason
no binaries found in the repo
Reason
0 existing vulnerabilities detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE.txt:0
- Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0
Reason
Found 1/30 approved changesets -- score normalized to 0
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
branch protection not enabled on development/release branches
Details
- Warn: branch protection not enabled for branch 'gh-pages'
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 1 are checked with a SAST tool
Score
3.9
/10
Last Scanned on 2025-06-30
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More