npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

url-regex-unsafe

v3.0.2

Published

Regular expression matching for URL's. Maintained, and browser-friendly version of url-regex. This package is vulnerable to CVE-2020-7661. Works in Node v10.12.0+ and browsers.

Downloads

350

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

ocavueocavue

Keywords

20207661CVE-2020-7661cvedetectemailemailsexpresionexpressionfromgethtmlmailmailsmaintainedparseparserparsingregexregexerregexerregexesregexingregexpsafescansniffstrstringtexturlurls

Readme

url-regex-unsafe

build status code coverage code style styled with prettier made with lass license npm downloads

Regular expression matching for URL's. Maintained, and browser-friendly version of url-regex. This package is vulnerable to CVE-2020-7661. Works in Node v10.12.0+ and browsers.

Table of Contents

Foreword

url-regex-unsafe is a fork of url-regex-safe, which is a fork of url-regex. url-regex-safe has resolved CVE-2020-7661 on Node by including RE2 for Node.js usage. However, RE2 does not support lookahead assertions in regular expressions, which leads to some limitations. To avoid these limitations, url-regex-unsafe gets rid of RE2 and uses built-in RegExp instead. This means that url-regex-unsafe is still vulnerable to CVE-2020-7661.

Install

npm:

npm install url-regex-unsafe

yarn:

yarn add url-regex-unsafe

Usage

Node

const urlRegexUnsafe = require('url-regex-unsafe');

const str = 'some long string with url.com in it';
const matches = str.match(urlRegexUnsafe());

for (const match of matches) {
  console.log('match', match);
}

console.log(urlRegexUnsafe({ exact: true }).test('github.com'));

Browser

VanillaJS

This is the solution for you if you're just using <script> tags everywhere!

<script src="https://unpkg.com/url-regex-unsafe"></script>
<script type="text/javascript">
  (function () {
    var str = 'some long string with url.com in it';
    var matches = str.match(urlRegexUnsafe());

    for (var i = 0; i < matches.length; i++) {
      console.log('match', matches[i]);
    }

    console.log(urlRegexUnsafe({ exact: true }).test('github.com'));
  })();
</script>

Bundler

Assuming you are using browserify, webpack, rollup, or another bundler, you can simply follow Node usage above.

TypeScript

This package has built-in support for TypeScript.

Options

| Property | Type | Default Value | Description | | | ---------------- | ------- | ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | - | | exact | Boolean | false | Only match an exact String. Useful with regex.test(str) to check if a String is a URL. We set this to false by default in order to match String values such as github.com (as opposed to requiring a protocol or www subdomain). We feel this closely more resembles real-world intended usage of this package. | | | strict | Boolean | false | Force URL's to start with a valid protocol or www if set to true. If true, then it will allow any TLD as long as it is a minimum of 2 valid characters. If it is false, then it will match the TLD against the list of valid TLD's using tlds. | | | auth | Boolean | false | Match against Basic Authentication headers. We set this to false by default since it was deprecated in Chromium, and otherwise it leaves the user with unwanted URL matches (more closely resembles real-world intended usage of this package by having it set to false by default too). | | | localhost | Boolean | true | Allows localhost in the URL hostname portion. See the test/test.js for more insight into the localhost test and how it will return a value which may be unwanted. A pull request would be considered to resolve the "pic.jp" vs. "pic.jpg" issue. | | | parens | Boolean | false | Match against Markdown-style trailing parenthesis. We set this to false because it should be up to the user to parse for Markdown URL's. | | | apostrophes | Boolean | false | Match against apostrophes. We set this to false because we don't want the String background: url('http://example.com/pic.jpg'); to result in http://example.com/pic.jpg'. See this issue for more information. | | | trailingPeriod | Boolean | false | Match against trailing periods. We set this to false by default since real-world behavior would want example.com versus example.com. as the match (this is different than url-regex where it matches the trailing period in that package). | | | ipv4 | Boolean | true | Match against IPv4 URL's. | | | ipv6 | Boolean | true | Match against IPv6 URL's. | | | tlds | Array | tlds | Match against a specific list of tlds, or the default list provided by tlds. | | | returnString | Boolean | false | Return the RegExp as a String instead of a RegExp (useful for custom logic, such as we did with Spam Scanner). | |

Quick tips and migration from url-regex

You must override the default and set strict: true if you do not wish to match github.com by itself (though www.github.com will work if strict: false).

Unlike the deprecated and unmaintained package url-regex, we do a few things differently:

  • We set strict to false by default (url-regex had this set to true)
  • We added an auth option, which is set to false by default (url-regex matches against Basic Authentication; had this set to true - however this is a deprecated behavior in Chromium).
  • We added parens and ipv6 options, which are set to false and true by default (url-regex had parens set to true and ipv6 was non-existent or set to false rather).
  • We added an apostrophe option, which is set to false by default (url-regex had this set to true).
  • We added a trailingPeriod option, which is set to false by default (which means matches won't contain trailing periods, whereas url-regex had this set to true).

Contributors

| Name | Website | | -------------------- | ---------------------------- | | ocavue | https://github.com/ocavue/ | | Nick Baugh | http://niftylettuce.com/ | | Kevin Mårtensson | | | Diego Perini | |

License

MIT © ocavue