npmpackage.info

Gathering detailed insights and metrics for url-parse

Other packages similar to url-parse

url-parse-lax

5.0.0

Lax `url.parse()` with support for protocol-less URLs & IPs

parse-url

9.2.0

An advanced url parser supporting git urls too.

git-url-parse

16.0.1

A high level git url parser for common git providers.

6.14.0

A querystring parser that supports nesting and arrays, with a depth limit

url-parse

Small footprint URL parser that works seamlessly across Node.js and browser environments.

1.5.10

1,036

MIT

JavaScript

2.46 kB

4,407,454,815 4.1

Installations

npm install url-parse

Developer Guide

BETA

Typescript

No

Module System

CommonJS

Node Version

14.19.0

NPM Version

6.14.16 Score

99.1

Supply Chain

99.5

Quality

80.8

Maintenance

100

Vulnerability

100

License

Pull Requests

Open

1

Total

98

Closed

14

Merged

83

Issues

Open

12

Total

131

Closed

119

Releases

Unable to fetch releases

Contributors

View All 17 Contributors

Languages

JavaScript

HTML

JavaScript (98.89%)

HTML (1.11%)

validate.email 🚀

Verify real, reachable, and deliverable emails with instant MX records, SMTP checks, and disposable email detection.

Developer

unshiftio

Download Statistics

Total Downloads

4,407,454,815

Last Day

4,407,998

Last Week

24,042,918

Last Month

102,138,595

Last Year

1,149,191,257

GitHub Statistics

MIT License

1,036 Stars

343 Commits

108 Forks

15 Watchers

1 Branches

17 Contributors

Updated on Mar 06, 2025

Bundle Size

5.99 kB

Minified

2.46 kB

Minified + Gzipped

Bundlephobia

Maintainers

Package Meta Information

Latest Version

1.5.10

Package Id

url-parse@1.5.10

Unpacked Size

61.48 kB

Size

16.61 kB

File Count

NPM Version

6.14.16

Node Version

14.19.0

Total Downloads

Cumulative downloads

Total Downloads

4,407,454,815

Last Day

2.2%

4,407,998

Compared to previous day

Last Week

-1.2%

24,042,918

Compared to previous week

Last Month

3.8%

102,138,595

Compared to previous month

Last Year

22.1%

1,149,191,257

Compared to previous year

Daily Downloads

Weekly Downloads

Monthly Downloads

Yearly Downloads

Dependencies

querystringify requires-port

Dev Dependencies

assume browserify c8 mocha pre-commit sauce-browsers sauce-test uglify-js

url-parse

url-parse was created in 2014 when the WHATWG URL API was not available in Node.js and the URL interface was supported only in some browsers. Today this is no longer true. The URL interface is available in all supported Node.js release lines and basically all browsers. Consider using it for better security and accuracy.

The url-parse method exposes two different API interfaces. The url interface that you know from Node.js and the new URL interface that is available in the latest browsers.

In version 0.1 we moved from a DOM based parsing solution, using the <a> element, to a full Regular Expression solution. The main reason for this was to make the URL parser available in different JavaScript environments as you don't always have access to the DOM. An example of such environment is the Worker interface. The RegExp based solution didn't work well as it required a lot of lookups causing major problems in FireFox. In version 1.0.0 we ditched the RegExp based solution in favor of a pure string parsing solution which chops up the URL into smaller pieces. This module still has a really small footprint as it has been designed to be used on the client side.

In addition to URL parsing we also expose the bundled querystringify module.

Installation

This module is designed to be used using either browserify or Node.js it's released in the public npm registry and can be installed using:

npm install url-parse

Usage

All examples assume that this library is bootstrapped using:

1'use strict';
2
3var Url = require('url-parse');

To parse an URL simply call the URL method with the URL that needs to be transformed into an object.

1var url = new Url('https://github.com/foo/bar');

The new keyword is optional but it will save you an extra function invocation. The constructor takes the following arguments:

url (String): A string representing an absolute or relative URL.
baseURL (Object | String): An object or string representing the base URL to use in case url is a relative URL. This argument is optional and defaults to location in the browser.
parser (Boolean | Function): This argument is optional and specifies how to parse the query string. By default it is false so the query string is not parsed. If you pass true the query string is parsed using the embedded querystringify module. If you pass a function the query string will be parsed using this function.

As said above we also support the Node.js interface so you can also use the library in this way:

1'use strict';
2
3var parse = require('url-parse')
4  , url = parse('https://github.com/foo/bar', true);

The returned url instance contains the following properties:

protocol: The protocol scheme of the URL (e.g. http:).
slashes: A boolean which indicates whether the protocol is followed by two forward slashes (//).
auth: Authentication information portion (e.g. username:password).
username: Username of basic authentication.
password: Password of basic authentication.
host: Host name with port number. The hostname might be invalid.
hostname: Host name without port number. This might be an invalid hostname.
port: Optional port number.
pathname: URL path.
query: Parsed object containing query string, unless parsing is set to false.
hash: The "fragment" portion of the URL including the pound-sign (#).
href: The full URL.
origin: The origin of the URL.

Note that when url-parse is used in a browser environment, it will default to using the browser's current window location as the base URL when parsing all inputs. To parse an input independently of the browser's current URL (e.g. for functionality parity with the library in a Node environment), pass an empty location object as the second parameter:

1var parse = require('url-parse');
2parse('hostname', {});

Url.set(key, value)

A simple helper function to change parts of the URL and propagating it through all properties. When you set a new host you want the same value to be applied to port if has a different port number, hostname so it has a correct name again and href so you have a complete URL.

1var parsed = parse('http://google.com/parse-things');
2
3parsed.set('hostname', 'yahoo.com');
4console.log(parsed.href); // http://yahoo.com/parse-things

It's aware of default ports so you cannot set a port 80 on an URL which has http as protocol.

Url.toString()

The returned url object comes with a custom toString method which will generate a full URL again when called. The method accepts an extra function which will stringify the query string for you. If you don't supply a function we will use our default method.

1var location = url.toString(); // http://example.com/whatever/?qs=32

You would rarely need to use this method as the full URL is also available as href property. If you are using the URL.set method to make changes, this will automatically update.

Testing

The testing of this module is done in 3 different ways:

We have unit tests that run under Node.js. You can run these tests with the npm test command.
Code coverage can be run manually using npm run coverage.
For browser testing we use Sauce Labs and zuul. You can run browser tests using the npm run test-browser command.

License

MIT

Stable Version

1.5.10

Critical

9.1/10

Summary

Authorization Bypass Through User-Controlled Key in url-parse

Affected Versions

< 1.5.8

Patched Versions

1.5.8

Critical

10/10

Summary

Open Redirect in url-parse

Affected Versions

< 1.4.3

Patched Versions

1.4.3

Moderate

6.5/10

Summary

url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.

Affected Versions

< 1.5.9

Patched Versions

1.5.9

Moderate

6.5/10

Summary

url-parse Incorrectly parses URLs that include an '@'

Affected Versions

< 1.5.7

Patched Versions

1.5.7

Moderate

5.3/10

Summary

Authorization bypass in url-parse

Affected Versions

< 1.5.6

Patched Versions

1.5.6

Moderate

6.1/10

Summary

Open redirect in url-parse

Affected Versions

< 1.5.2

Patched Versions

1.5.2

Moderate

5.3/10

Summary

Improper Validation and Sanitization in url-parse

Affected Versions

< 1.4.5

Patched Versions

1.4.5

Moderate

5.3/10

Summary

Path traversal in url-parse

Affected Versions

< 1.5.0

Patched Versions

1.5.0

10

Dangerous-Workflow

Determines if the project's GitHub Action workflows avoid dangerous patterns.

10

Binary-Artifacts

Determines if the project has generated executable (binary) artifacts in the source repository.

10

Security-Policy

Determines if the project has published a security policy.

10

Vulnerabilities

Determines if the project has open, known unfixed vulnerabilities.

10

License

Determines if the project has defined a license.

0

Maintained

Determines if the project is "actively maintained".

0

Code-Review

Determines if the project requires human code review before pull requests (aka merge requests) are merged.

0

Pinned-Dependencies

Determines if the project has declared and pinned the dependencies of its build process.

0

Token-Permissions

Determines if the project's workflows follow the principle of least privilege.

0

CII-Best-Practices

Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.

0

Fuzzing

Determines if the project uses fuzzing.

0

Branch-Protection

Determines if the default and release branches are protected with GitHub's branch protection settings.

0

SAST

Determines if the project uses static code analysis.

Score

4.1

/10

Last Scanned on 2025-03-03

The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.

Learn More