normalize-url, a popular package for cleaning and standardizing URLs, moved from version 5.1.0 to 5.2.0 in late September 2020. Both versions are MIT-licensed and provide the same core function: normalizing URLs so that an application can compare, store, or display them in one consistent form. The development dependencies are unchanged between the two versions (XO for linting, Ava for tests, NYC for coverage, TSD for checking the TypeScript definitions, and Coveralls for coverage reporting), which points to a stable development workflow.
The visible difference between the two releases is in the 'dist' metadata. Version 5.2.0 has an unpacked size of 18219 bytes against 17292 bytes for 5.1.0, while 'fileCount' stays at 5, so the roughly 900 extra bytes come from changes inside the existing files rather than from new ones. A difference of that size is irrelevant for bundle-size or performance budgets. The release came almost two months after 5.1.0, so it presumably carries fixes or adjustments made in the interim, but the package metadata alone does not say which URL-handling cases changed; check the project's release notes before relying on a particular fix. Moving from 5.1.0 to 5.2.0 is a low-risk minor update, with the caveat that the ReDoS advisory listed below covers the whole 5.x line before 5.3.1, so it applies to 5.2.0 as much as to 5.1.0. Both versions are published by Sindre Sorhus and list a GitHub Sponsors funding link, which supports, but does not guarantee, ongoing maintenance.
Known vulnerabilities affecting version 5.2.0 of the package
ReDoS in normalize-url
The normalize-url package before 4.5.1, 5.x before 5.3.1, and 6.x before 6.0.1 for Node.js has a ReDoS (regular expression denial of service) issue because it has exponential performance for data: URLs. Version 5.2.0 falls inside the "5.x before 5.3.1" range, so upgrading from 5.1.0 to 5.2.0 does not remove this issue; the 5.x line is fixed in 5.3.1, and the 6.x line in 6.0.1. Because the processing time grows exponentially with the crafted data: URL, a service that normalizes attacker-controlled URLs with an affected version can be stalled by a single request. Until the fixed version is deployed, cap the length of URLs accepted from untrusted sources and handle data: URLs before they reach the normalizer.
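The following is an added example, not code from normalize-url or its maintainer. It does two things a practitioner would want here: it decides whether an installed normalize-url version falls inside the affected ranges quoted in the advisory text above, and it shows a linear-time way to split a data: URL into its parts with plain string scanning instead of a backtracking regular expression, as an interim mitigation rather than the library's own fix. The function names (isAffectedByRedos, splitDataUrl), the simplification that pre-release suffixes are ignored, and the adversarial input are all assumptions made for this example.

```javascript
'use strict';

// Added example, not code from normalize-url: (1) check an installed version
// against the affected ranges quoted in the advisory text, and (2) split a
// data: URL into its parts with a single linear scan so the per-request cost
// cannot blow up on adversarial input.

// Parse "MAJOR.MINOR.PATCH" into numbers. A leading "v" is tolerated; any
// pre-release or build suffix is ignored (simplifying assumption for this example).
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(version).trim());
  if (!m) throw new Error(`not a MAJOR.MINOR.PATCH version: ${version}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, zero if equal, positive if a > b.
function compareSemver(a, b) {
  const [a1, a2, a3] = parseSemver(a);
  const [b1, b2, b3] = parseSemver(b);
  return (a1 - b1) || (a2 - b2) || (a3 - b3);
}

// Transcribed from the advisory: "before 4.5.1, 5.x before 5.3.1, and 6.x
// before 6.0.1". Majors above 6 are outside every listed range and are
// treated as not affected.
function isAffectedByRedos(version) {
  const major = parseSemver(version)[0];
  if (major <= 4) return compareSemver(version, '4.5.1') < 0;
  if (major === 5) return compareSemver(version, '5.3.1') < 0;
  if (major === 6) return compareSemver(version, '6.0.1') < 0;
  return false;
}

// Split "data:<mediatype>,<payload>#<fragment>" with indexOf instead of a
// backtracking regex. Per RFC 2397 the first "," ends the mediatype, and in
// any URL the first "#" starts the fragment, so two scans are sufficient and
// the work is O(length) no matter how many "," or "#" characters are supplied.
// Returns null for non-data: input or for a data: URL with no "," separator.
function splitDataUrl(url) {
  if (typeof url !== 'string' || !url.startsWith('data:')) return null;
  const body = url.slice('data:'.length);
  const hashAt = body.indexOf('#');
  const beforeHash = hashAt === -1 ? body : body.slice(0, hashAt);
  const hash = hashAt === -1 ? null : body.slice(hashAt + 1);
  const commaAt = beforeHash.indexOf(',');
  if (commaAt === -1) return null;
  return {
    type: beforeHash.slice(0, commaAt),
    data: beforeHash.slice(commaAt + 1),
    hash,
  };
}

// Constructed adversarial input (assumption, not a known trigger): a data: URL
// padded with a very large number of commas and a trailing newline, the kind of
// repetitive input a ReDoS probe would send. The linear splitter handles it in
// one pass.
const HOSTILE_DATA_URL = 'data:' + ','.repeat(100000) + '\n';

console.log('5.2.0 affected:', isAffectedByRedos('5.2.0')); // true
console.log('5.3.1 affected:', isAffectedByRedos('5.3.1')); // false
console.log(splitDataUrl('data:text/plain;charset=utf-8,hello%20world#frag'));
console.log('hostile payload length:', splitDataUrl(HOSTILE_DATA_URL).data.length); // 100000
```

Run it with `node` on a file containing the block. The version check is only as good as the ranges it encodes; when a new advisory lands, update the three comparisons rather than reusing them. The splitter is a pre-filter, not a replacement for the upgrade: pair it with a hard maximum URL length at the edge and still move the 5.x line to 5.3.1 or later.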