{"id":16910,"library":"strip-url-auth","title":"Strip URL Auth","description":"strip-url-auth is a focused JavaScript utility that removes the username and password (authentication) portion from a given URL string. It is currently stable at version 2.0.0. Developed by Sindresorhus, it adheres to a philosophy of single-purpose, highly reliable modules. Key differentiators include its minimalistic API, robust parsing for common URL formats, and its strict adherence to modern JavaScript standards. Releases typically occur when necessary for compatibility with newer Node.js versions or to address specific edge cases, rather than on a fixed cadence. It provides a simple, direct solution for sanitizing URLs for display or storage where authentication credentials should not be exposed.","status":"active","version":"2.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/sindresorhus/strip-url-auth","tags":["javascript","string","url","uri","address","auth","authentication","user","username"],"install":[{"cmd":"npm install strip-url-auth","lang":"bash","label":"npm"},{"cmd":"yarn add strip-url-auth","lang":"bash","label":"yarn"},{"cmd":"pnpm add strip-url-auth","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"Since v2.0.0, this package is pure ESM and must be imported using dynamic `import()` or static `import` statements in an ESM context. CommonJS `require()` is no longer supported and will throw an error.","wrong":"const stripUrlAuth = require('strip-url-auth');","symbol":"stripUrlAuth","correct":"import stripUrlAuth from 'strip-url-auth';"}],"quickstart":{"code":"import stripUrlAuth from 'strip-url-auth';\n\nconst urlWithAuth = 'https://admin:securepass@example.com/path?query=value#hash';\nconst urlWithoutAuth = stripUrlAuth(urlWithAuth);\n\nconsole.log(`Original URL: ${urlWithAuth}`);\nconsole.log(`URL without auth: ${urlWithoutAuth}`);\n\n// Example with no auth\nconst simpleUrl = 'https://www.google.com';\nconst simpleUrlStripped = stripUrlAuth(simpleUrl);\nconsole.log(`\\nOriginal simple URL: ${simpleUrl}`);\nconsole.log(`Stripped simple URL: ${simpleUrlStripped}`);\n\n// Demonstrating with a different protocol\nconst ftpUrl = 'ftp://user:secret@ftp.example.org/files';\nconst ftpUrlStripped = stripUrlAuth(ftpUrl);\nconsole.log(`\\nOriginal FTP URL: ${ftpUrl}`);\nconsole.log(`Stripped FTP URL: ${ftpUrlStripped}`);\n\n// Handles edge cases like empty auth or missing protocol gracefully\nconst malformedAuthUrl = 'user:@host.com/path';\nconst malformedAuthUrlStripped = stripUrlAuth(malformedAuthUrl);\nconsole.log(`\\nMalformed auth URL: ${malformedAuthUrl}`);\nconsole.log(`Stripped malformed auth URL: ${malformedAuthUrlStripped}`);","lang":"javascript","description":"This example demonstrates how to import and use `stripUrlAuth` to remove authentication credentials from various URL formats, including HTTPS and FTP, and shows its behavior with URLs that do not contain auth or have malformed auth segments."},"warnings":[{"fix":"Migrate your project to use ES Modules or use dynamic `import()` where necessary. Ensure your `package.json` has `\"type\": \"module\"` or use `.mjs` file extension for modules importing this package.","message":"Version 2.0.0 and newer are pure ESM (ECMAScript Modules). CommonJS `require()` is no longer supported. This affects how the package is imported and used in Node.js environments.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Upgrade your Node.js runtime to version 12 or newer. If you cannot upgrade Node.js, you must remain on `strip-url-auth` v1.x.","message":"Node.js 12 or higher is now required for `strip-url-auth` v2.0.0 and subsequent versions. Older Node.js versions are not supported.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"For comprehensive URL validation or other manipulations (e.g., encoding components), combine this package with a dedicated URL parsing library like Node's built-in `URL` class or a third-party module like `url-parse`.","message":"This package only strips the user and password parts of the URL. It does not validate the URL's overall format or perform any other kind of comprehensive sanitization or encoding.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Change `const stripUrlAuth = require('strip-url-auth');` to `import stripUrlAuth from 'strip-url-auth';` and ensure your project is configured for ESM (e.g., `\"type\": \"module\"` in `package.json` or using `.mjs` file extensions).","cause":"Attempting to use `require()` to import `strip-url-auth` in a CommonJS module after upgrading to v2.0.0+.","error":"Error [ERR_REQUIRE_ESM]: require() of ES Module .../node_modules/strip-url-auth/index.js from ... not supported."},{"fix":"Ensure your project or file is treated as an ES Module by adding `\"type\": \"module\"` to your `package.json` or by changing the file extension to `.mjs`. Alternatively, if you must remain in CommonJS, consider dynamic import: `(async () => { const { default: stripUrlAuth } = await import('strip-url-auth'); /* use stripUrlAuth */ })();` or stick to v1.x of the package.","cause":"Using `import stripUrlAuth from 'strip-url-auth';` in a CommonJS file (e.g., a `.js` file without `\"type\": \"module\"` in `package.json`) or an environment that doesn't support ESM.","error":"SyntaxError: Cannot use import statement outside a module"}],"ecosystem":"npm","meta_description":null}