{"id":16920,"library":"url-safe","title":"URL Safe Logger","description":"The `url-safe` package provides a minimalist utility for sanitizing URLs by removing or masking the authentication (username:password) part. This is primarily used to prevent sensitive credentials from being exposed in logs or other less secure outputs. The current stable version is `2.0.0`, which was released on 2015-07-23. The package has seen no further releases or active development since then, indicating it is no longer maintained. Its key differentiator is its singular focus on URL sanitization for logging, leveraging Node.js's built-in `url` module. Developers should be aware of its age and lack of modern updates when considering its use in contemporary projects. Alternatives often involve more robust URL parsing and manipulation libraries or custom regex-based solutions for sensitive data removal.","status":"abandoned","version":"2.0.0","language":"javascript","source_language":"en","source_url":"https://github.com/boennemann/url-safe","tags":["javascript","url","safe","logging","filter"],"install":[{"cmd":"npm install url-safe","lang":"bash","label":"npm"},{"cmd":"yarn add url-safe","lang":"bash","label":"yarn"},{"cmd":"pnpm add url-safe","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is CommonJS-only and exports a default function. Direct ESM `import` statements will fail; use dynamic `import()` or CJS `require`.","wrong":"import urlSafe from 'url-safe';","symbol":"urlSafe","correct":"const urlSafe = require('url-safe');"},{"note":"While not explicitly designed for named exports, Node.js's ESM interop allows dynamic import for CommonJS default exports in some configurations, but `require` is the intended usage.","wrong":"import { urlSafe } from 'url-safe';","symbol":"urlSafe","correct":"const { urlSafe } = await import('url-safe');"}],"quickstart":{"code":"const urlSafe = require('url-safe');\n\nconst sensitiveUrl1 = 'http://user:pass@example.com/path?query=abc#hash';\nconst sensitiveUrl2 = 'https://admin:secret@api.service.com/data';\nconst sensitiveUrl3 = 'ftp://anonymous:ftp@example.org';\n\nconsole.log('Original URL 1:', sensitiveUrl1);\nconsole.log('Safe URL 1 (default):', urlSafe(sensitiveUrl1));\n// Expected: http://example.com/path?query=abc#hash\n\nconsole.log('\\nOriginal URL 2:', sensitiveUrl2);\nconsole.log('Safe URL 2 (masked with ***):', urlSafe(sensitiveUrl2, '***'));\n// Expected: https://***@api.service.com/data\n\nconsole.log('\\nOriginal URL 3:', sensitiveUrl3);\nconsole.log('Safe URL 3 (masked with [REDACTED]):', urlSafe(sensitiveUrl3, '[REDACTED]'));\n// Expected: ftp://[REDACTED]@example.org\n\n// Example with no auth part\nconst plainUrl = 'https://www.google.com';\nconsole.log('\\nPlain URL:', plainUrl);\nconsole.log('Safe Plain URL:', urlSafe(plainUrl));\n// Expected: https://www.google.com","lang":"javascript","description":"Demonstrates basic usage of `url-safe` to strip or mask the authentication portion of URLs for logging."},"warnings":[{"fix":"Review code that processes the output of `url-safe` to ensure it correctly handles the `url.format()` output, especially regarding path, query, and hash serialization.","message":"Starting with v2.0.0, the returned URL string is consistently formatted using Node.js's `url.format()` function. This may alter the exact string representation compared to previous versions if they used different serialization methods.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"For ESM projects, use `const urlSafe = await import('url-safe');` or ensure your build setup correctly handles CJS interop. Alternatively, consider modern alternatives with native ESM support.","message":"The package is CommonJS-only and has not been updated since 2015. It lacks native ESM support, which may require specific configuration (e.g., dynamic `import()`) or transpilation in modern ESM-first Node.js or browser environments.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"For security-critical applications or those requiring strict adherence to modern URL standards, consider using actively maintained libraries like `URL` (native in Node.js/browsers) or `url-parse` for more robust and current URL manipulation.","message":"Given its age, the package may not fully leverage or be compatible with newer URL parsing and formatting standards or security practices introduced in more recent Node.js versions or web specifications. The internal `url` module usage might be based on older APIs.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-22T00:00:00.000Z","next_check":"2026-07-21T00:00:00.000Z","problems":[{"fix":"Ensure you are using `const urlSafe = require('url-safe');` for CommonJS projects. If in an ESM context, consider `const { default: urlSafe } = await import('url-safe');` or similar interop patterns, though direct `require` is recommended for this specific package.","cause":"Attempting to call `urlSafe` when it was not correctly imported or required, potentially due to mixing CJS and ESM without proper interop.","error":"TypeError: urlSafe is not a function"},{"fix":"Verify that `url-safe` is treated as a CommonJS module. If you are experiencing this, it's more likely an issue with your project's configuration for handling CJS modules in an ESM context. Use `require()` directly.","cause":"This error is unlikely for `url-safe` itself as it's CJS, but if `url-safe` were treated as ESM by a misconfigured transpiler or an environment forcing ESM interpretation, this could occur.","error":"ERR_REQUIRE_ESM: Must use import to load ES Module: ...url-safe/index.js"}],"ecosystem":"npm","meta_description":null}