[CHORE] Node 24 warns of urlParse use in fixHomepageField

Open jdalton opened this issue 7 months ago • 2 comments

[CHORE] Node 24 warns of url.parse use in fixHomepageField.

    (node:92230) [DEP0169] DeprecationWarning: url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.
        at Object.urlParse [as parse] (node:url:130:13)
        at Object.fixHomepageField (/<the_path_and_stuff>/normalize-package-data.js:5657:16)

jdalton, May 10 '25 14:05

The plan is to finish removing this from npm and calling the code via @npmcli/package-json.

ref: https://github.com/npm/package-json/pull/139

wraithgar, May 12 '25 16:05

@wraithgar @npmcli/package-json still seems to be using url.parse internally. https://github.com/npm/package-json/blob/b6465f44c727d6513db6898c7cbe41dd355cebe8/lib/normalize-data.js#L127

btea, May 16 '25 07:05
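
An added example, not code from normalize-package-data or @npmcli/package-json: one way to check and default the scheme of a `homepage` string with the WHATWG URL API that the DEP0169 warning recommends, without calling `url.parse()`. The function name `normalizeHomepage`, the `http://` default and the http/https allow-list are assumptions of this sketch, and the sample inputs are constructed.

```javascript
// Assumption: the field only needs a scheme check plus an "http://" default.
// Hypothetical helper; not the API of any npm package.

// RFC 3986 scheme followed by "//": ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:'])

function normalizeHomepage (value) {
  if (typeof value !== 'string' || value.trim() === '') {
    return { homepage: undefined, warning: 'homepage must be a non-empty string' }
  }
  const raw = value.trim()
  // Decide "has a scheme" on the raw text first. new URL('localhost:3000')
  // would otherwise be read as scheme "localhost:" rather than host and port.
  const candidate = HAS_SCHEME.test(raw) ? raw : `http://${raw}`
  let parsed
  try {
    // The WHATWG parser throws on input it cannot parse instead of guessing.
    parsed = new URL(candidate)
  } catch {
    return { homepage: undefined, warning: `unparseable homepage: ${raw}` }
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { homepage: undefined, warning: `unexpected scheme: ${parsed.protocol}` }
  }
  // Return the author's string (plus any added prefix), not parsed.href,
  // so the value is not silently re-serialized.
  return { homepage: candidate, warning: undefined }
}

// Constructed sample inputs.
const samples = [
  'example.com',
  'https://example.com/docs',
  'localhost:3000',
  'javascript:alert(1)',
  'ftp://example.com',
  42
]
for (const sample of samples) {
  console.log(JSON.stringify(sample), '->', normalizeHomepage(sample))
}
```
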